Adaptive attack resistant distributed symmetric encryption

ABSTRACT

Systems and methods for adaptive attack resistant distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess multiple secret shares corresponding to distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate multiple commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key. The client computer may use the cryptographic key to encrypt a message or decrypt ciphertext.

BACKGROUND

“Cryptography as a service” may refer to processes where one entityperforms cryptographic operations on behalf of another entity. Forexample, a server computer may encrypt data (such as sensitive medicalrecords or other private documents) on behalf of a client computer. At alater time, when the client computer wants to retrieve the encrypteddata, the client computer may communicate with the server computer inorder to decrypt the encrypted data. Alternatively or additionally, theclient computer can transmit the encrypted data to another clientcomputer. This other client computer may communicate with the servercomputer in order to decrypt the encrypted data. Thus cryptography as aservice may be used to protect data across either time or space.Cryptography as a service may be desirable because servers may be betterequipped than client computers to store sensitive cryptographicinformation, such as secret cryptographic keys.

Some cryptographic operations can be categorized as symmetric orasymmetric. With symmetric cryptography, the same cryptographic key canbe used to encrypt and decrypt data. With asymmetric cryptography, twocryptographic keys are used. Data encrypted using one cryptographic keymust be decrypted using the other, and vis-versa. Asymmetriccryptography is typically much slower than symmetric cryptography, insome cases, up to three to five orders of magnitude slower. As a result,symmetric cryptography is usually preferable for high speed or highthroughput cryptography as a service applications.

Distributed cryptography using a shared secret is one technique that canbe used to implement cryptography as a service. Rather than a singleserver computer performing cryptography for a client computer, adistributed network of cryptographic devices (e.g., server computers)can collectively perform cryptography for the client computer.Cryptographic materials, such as a secret key or shared secret can bedivided into secret shares and distributed among the cryptographicdevices. Those cryptographic devices and the client computer cancollectively perform encryption or decryption using their respectivesecret shares. Distributed cryptography may provide security benefitswhen compared to conventional cryptography, because it is more difficultfor an attacker to acquire the shared secret. An attacker must acquiremultiple secret shares to reconstruct the secret key or shared secret orotherwise compromise the cryptosystem.

Although distributed symmetric cryptographic systems are generally moresecure than comparable non-distributed systems, they still may bevulnerable to attack. A hacker may attempt to corrupt one or morecryptographic devices in a distributed symmetric cryptographic system inorder to acquire their secret shares and/or compromise the system.Cryptographic attacks are sometimes categorized into different attackmodels. Some attacks are “static attacks” and others are “dynamicattacks” or “adaptive attacks.” Many conventional distributed symmetriccryptography systems are vulnerable to dynamic attacks and adaptiveattacks.

Thus, there is a need for improvements to distributed symmetricencryption to address dynamic attacks.

SUMMARY

Embodiments are directed to systems and methods for adaptive attackresistant distributed symmetric cryptography. A client computer and aplurality of cryptographic devices from a cryptographic device networkcan work together to generate a symmetric cryptographic key. Thiscryptographic key can be used by the client computer to encrypt ordecrypt a message. For example, the client computer and cryptographicdevices can encrypt a message (such as sensitive personal or bankinginformation) to produce a ciphertext, and then the client computer canstore the ciphertext. At a later time, the client computer and thecryptographic devices can decrypt the ciphertext to produce the message.In another use case, the client computer can send the ciphertext toanother client computer. The other client computer and the cryptographicdevices can then decrypt the ciphertext and retrieve the message,allowing messages to be sent securely over unsecure networks (such asthe Internet).

Generally, during an encryption or decryption process, the cryptographicdevices can provide partial computations to the client computer. Thesepartial computations can be derived from secret shares stored by eachcryptographic device. The client computer can combine these partialcomputations to produce a symmetric encryption key. The client computercan use the symmetric cryptographic key to either encrypt a message ordecrypt a ciphertext.

Unlike other distributed cryptography systems, each cryptographic devicecan possess multiple secret shares, derived from different sharedsecrets. In some embodiments, each cryptographic device can possess afirst secret share derived from a first secret value and a second secretshare derived from a second secret value. Each cryptographic device cangenerate partial computations derived from each of the secret shares(e.g., a first partial computation generated from the first secret shareand a second partial computation generated from the second secretshare). These partial computations can be combined and provided to theclient computer, which can then use the partial computations to producethe cryptographic key.

A benefit of using multiple secret shares and multiple secret values isthat the distributed computation used to generated the cryptographic keyis not bound to any particular set (or “tuple”) of secret values orsecret shares. Instead, there are an exponentially large number ofsecret values and secret shares that are equally likely to have beenused to produce the cryptographic key. As a result, it is impossible foran attacker to determine the exact secret values or secret shares evenif the attacker has unbounded computational resources. As such, anattacker cannot determine the secret shares even while performing anadaptive attack. By contrast, in non-adaptive distributed cryptographysystems, the distributed computation may be bound to a specific secret,allowing an attacker to use adaptive attacks that may exploitcorrelations between different partial computations. As a result, theattacker may be able to acquire sensitive cryptographic materials, orotherwise breach the non-adaptive cryptosystem.

Some embodiments provide for additional security features, such asverifying legitimate use of the distributed cryptographic system usingverification signatures, logging or otherwise tracking use of thedistributed system using log files, and verifying partial computationsusing Honest Verifier Zero Knowledge (HVZK) proofs.

As an example, during encryption, the client computer and cryptographicdevices can generate partial signatures, which can be combined into averification signature. During decryption, the client computer canprovide the verification signature to the cryptographic devices. Thecryptographic devices can verify the verification signature using averification key. If the verification signature is legitimate, thecryptographic devices can determine that the client computer isperforming a legitimate decryption operation. The presence or absence ofa verification signature can indicate to the cryptographic devices thatthe client computer is decrypting or encrypting a message respectively.However, the client computer can also transmit an indicator to thecryptographic devices, indicating whether the client computer isencrypting or decrypting data. The cryptographic devices can record theindicator or verification signature in a log file as a record indicatingthat the client computer encrypted or decrypted a message.

Additionally, the client computer can use HVZK proofs in order to verifypartial computations transmitted by the cryptographic devices. Theclient computer can retrieve check values, either from a trusted serveror its own memory. These check values correspond to secret sharescorresponding to each partial computation. Using these check values, theclient computer can verify that the partial computations are legitimate,however, the client computer cannot determine the secret shares fromeither the check values or the partial computation. As such, the secretshares are protected even against malicious client computers.

One embodiment is directed to a method comprising performing, by acomputer system: generating a first commitment using a message and afirst hash function; generating a second commitment using the messageand a second hash function; transmitting a request including the firstcommitment and the second commitment to each of a plurality ofcryptographic devices, the plurality of cryptographic devices storing afirst plurality of secret shares that are generated from a first secretvalue and a second plurality of secret shares that are generated from asecond secret value; receiving, from the plurality of cryptographicdevices, a plurality of partial computations, wherein each partialcomputation of the plurality of partial computations was generated by arespective one of the plurality of cryptographic devices using arespective first partial computation and a respective second partialcomputation, wherein the respective first partial computation isgenerated using a respective first secret share and the firstcommitment, and wherein the respective second partial computation isgenerated using a respective second secret share and the secondcommitment; generating a cryptographic key based on the plurality ofpartial computations; generating a ciphertext by encrypting the messageusing the cryptographic key; and generating a payload comprising theciphertext, the first commitment, and the second commitment.

Another embodiment is directed to a method comprising performing, by acomputer system: receiving a payload comprising a ciphertext, a firstcommitment, and a second commitment; transmitting a request includingthe first commitment and the second commitment to each of a plurality ofcryptographic devices, the plurality of cryptographic devices storing afirst plurality of secret shares that are generated from a first secretvalue and a second plurality of secret shares that are generated from asecond secret value; receiving, from the plurality of cryptographicdevices, a plurality of partial computations, wherein each partialcomputation of the plurality of partial computations was generated by arespective one of the plurality of cryptographic devices using arespective first partial computation and a respective second partialcomputation, wherein the respective first partial computation isgenerated using a respective first secret share and the firstcommitment, and wherein the respective second partial computation isgenerated using a respective second secret share and the secondcommitment; generating a cryptographic key based on the plurality ofpartial computations; and decrypting the ciphertext using thecryptographic key to produce a message.

Another embodiment is directed to a method comprising performing, by acryptographic device: receiving, from a client computer, a requestincluding a first commitment generated using a message and a first hashfunction, and a second commitment generated using the message and asecond hash function; generating a first partial computation based onthe first secret share and the first commitment; generating a secondpartial computation based on a second secret share and the secondcommitment; generating a partial computation by combining the firstpartial computation and the second partial computation; and transmittingthe partial computation to the client computer, thereby enabling theclient computer to: (1) generate a cryptographic key using the partialcomputation, (2) encrypt the message using the cryptographic key,thereby generating a ciphertext, and (3) generate a payload comprisingthe ciphertext, the first commitment, and the second commitment.

These and other embodiments of the disclosure are described in detailbelow. For example, other embodiments are directed to systems, devices,and computer readable media associated with methods described herein.

Prior to discussing specific embodiments of the invention, some termsmay be described in detail.

Terms

A “server computer” may include a powerful computer or cluster ofcomputers. For example, the server computer can include a largemainframe, a minicomputer cluster, or a group of servers functioning asa unit. In one example, the server computer can include a databaseserver coupled to a web server. The server computer may comprise one ormore computational apparatuses and may use any of a variety of computingstructures, arrangements, and compilations for servicing the requestsfrom one or more client computers.

A “memory” may be any suitable device or devices that may storeelectronic data. A suitable memory may comprise a non-transitorycomputer readable medium that stores instructions that can be executedby a processor to implement a desired method. Examples of memories maycomprise one or more memory chips, disk drives, etc. Such memories mayoperate using any suitable electrical, optical, and/or magnetic mode ofoperation.

A “processor” may refer to any suitable data computation device ordevices. A processor may comprise one or more microprocessors workingtogether to accomplish a desired function. The processor may include aCPU that comprises at least one high-speed data processor adequate toexecute program components for executing user and/or system-generatedrequests. The CPU may be a microprocessor such as AMD's Athlon, Duronand/or Opteron; IBM and/or Motorola's PowerPC; IBM's and Sony's Cellprocessor; Intel's Celeron, Itanium, Pentium, Xeon, and/or XScale;and/or the like processor(s).

The term “cryptographic key” may include data used in encryption ordecryption. For example, a cryptographic key may refer to a product oftwo large prime numbers. A cryptographic key may be used in acryptosystem such as RSA (Rivest, Shamir, Adleman) or AES (AdvancedEncryption Standard), and may be used to encrypt plaintext and produce aciphertext output, or decrypt ciphertext and produce a plaintext output.Cryptographic keys may be symmetrical, in which case the same key isused for encryption and decryption, or asymmetrical, in which casedifferent keys are used for encryption and decryption.

The term “plaintext” may refer to text that is in unencrypted or plainform. For example, this may refer to text that can be interpreted by ahuman or a computer without any processing, such as the phrase “hello,how are you?” Numbers or other symbols may also qualify as plaintext.

The term “ciphertext” may refer to text that is in an encrypted form.For example, this could refer to text that must be decrypted before itcan be interpreted by a human or computer. Ciphertext may be generatedusing any cryptographic algorithm or cryptosystem, such as RSA or AES.

A “client computer” may refer to a computer that uses the services ofother computers or devices, such as server computers. A client computermay connect to these other computers or devices over a network such asthe Internet. As an example, a client computer may comprise a laptopcomputer that connects to an image hosting server in order to viewimages stored on that image hosting server.

A “cryptographic device” may refer to any device that may performcryptographic operations, including encryption and decryption. Acryptographic device may participate in distributed or multi-partycryptography. Examples of cryptographic devices include servercomputers, hardware security modules, desktop computers, laptops,smartphones, smart watches, or other portable electronic devices. Acryptographic device may possess a “secret,” or “secret share.”

A “proxy device” may refer to a device that acts as a proxy. A proxydevice may perform operations on behalf of other devices. For example, aproxy device may receive and transmit messages or other data on behalfof other devices. A proxy device that acts to route communicationsbetween other devices in a network of devices may be referred to as a“hub device.”

The term “multi-party computation” may refer to a computation that isperformed by multiple parties. Each party, such as a computer, server,or cryptographic device, may have some inputs to the computation. Eachparty can collectively calculate the output of the computation using theinputs.

The term “secure multi-party computation” may refer to a multi-partycomputation that is secure. In some cases, “secure multi-partycomputation refers to a multi-party computation in which the parties donot share information or other inputs with each other. An example isYao's Millionaires' problem, in which two millionaires want to determinewhich one is more wealthy without revealing their wealth to one another.

A “secret value” or “secret” may refer to a value or thing kept hiddenas part of a cryptographic process. The security of the cryptographicprocess may rely on the secret value remaining secret. A secret mayinclude a cryptographic key or a “secret share.” Exposure of the secretmay allow parties other than the intended parties to encrypt or decryptmessages.

A “shared secret” may refer to a secret value or thing shared betweenmultiple parties. For example, a shared secret may be a cryptographickey, divided up such that multiple parties each possess a fraction ofthat cryptographic key. As an example, two parties may each possess 64bits of a shared secret comprising a 128 bit cryptographic key.

A “secret share” may refer to a value derived from a shared secret. Asan example, a secret share may comprise the first 64 bits of a 128 bitsecret value. A secret share may also comprise a secret value combinedwith a number or other data. In some cases, multiple secret shares maybe combined to reproduce a shared secret.

A “hash function” may refer to any function that can be used to map dataof arbitrary length or size to data of fixed length or size. A hashfunction may be used to obscure data by replacing it with itscorresponding “hash value.” Hash functions may be used to generate“commitments” or “commitment messages” data that may be used to evaluatethe integrity of encrypted data.

A “commitment” or “commitment message” may refer to data that may beused to verify that a course of action has been committed to. In thecontext of cryptography, a commitment may refer to a message that may beused to verify that an encrypted message was not tampered with. Before amessage is encrypted, a commitment can be produced based on the message,e.g., via a hash function. This commitment can be sent alongside theencrypted message. Once the message is decrypted, the recipient cangenerate its own commitment message using the same hash function. Thereceived commitment message and the generated commitment message can becompared to verify the integrity of the encrypted message.

A “pseudorandom function” may refer to a deterministic function thatproduces an output that appears random. Pseudorandom functions mayinclude collision resistant hash functions and elliptic curve groups. Apseudorandom function may approximate a random oracle, an idealcryptographic primitive that maps an input to a random output from itsoutput domain. A pseudorandom function can be constructed from apseudorandom number generator.

A “random nonce” or “cryptographic nonce” may refer to a random value(e.g., a random number) that may be used in a cryptographic process,preferably a limited number of times. A random nonce may be randomly orpseudorandomly generated, and may be used in conjunction withcryptographic hash functions. A random nonce may prevent somecryptographic attacks, such as the “replay attack.”

A “honest verifier zero-knowledge proof of knowledge” (also referred toas an HVZK proof) may refer to a zero-knowledge proof of knowledgeperformed by an honest verifying entity. An honest verifying entity isan entity (e.g., a client computer) that participates in a cryptographicprotocol non-maliciously (e.g., without changing their inputs oroutputs) and according to the rules of the protocol. An HVZK proof canbe used to verify the legitimacy of information (such as a secret share)without learning anything else about the information.

A “verification value” may refer to data used to verify a computation,fact, or knowledge. An example of a verification value is anon-interactive zero-knowledge proof of knowledge, as discussed above.Another example of a verification value is a cryptographic key. As anexample, a private cryptographic key may be used to verify the identityof the person or computer possessing that cryptographic key by signingor encrypting data using that private cryptographic key. A verificationvalue comprising a cryptographic key may be referred to as a“verification key.”

A “verification share” may refer to part of a verification value, ordata derived from a verification value. A plurality of verificationshares may be combined in some manner to produce the correspondingverification value. For example, the product of a collection ofverification shares may be equal to the corresponding verificationvalue.

A “signature,” “digital signature,” or “verification signature” mayrefer to data used to verify the authenticity of data usingcryptography. A computer may digitally sign data by encrypting that datausing a cryptographic key known only to that computer (i.e., a privatekey). Other computers may verify the signature by decrypting the datausing a publically known cryptographic key corresponding to thatcomputer (i.e., a public key). A verification signature may be used toverify either the source of the signed data or the veracity of thesigned data.

A “partial signature” may refer to part of a digital signature. Apartial signature, when combined with other partial signatures mayreproduce the digital signature. For example, the exclusive-OR of aplurality of partial signatures may be used to reproduce a digitalsignature.

A “partial computation” may refer to part of a computation. Multiplepartial computations may be combined to produce the output of thecomputation. For example, the volume of multiple solids may comprisepartial computations of the total volume of those solids, and thosepartial computations may be combined via addition. Partial computationsmay be generated by multiple parties or cryptographic devicesparticipating in a multi-party computation.

A “message” may refer to any data that may be transmitted between twoentities. A message may comprise plaintext data or ciphertext data. Amessage may comprise alphanumeric sequences (e.g., “hello123”) or anyother data (e.g., image or video files). Messages may be transmittedbetween computers or other entities

A “payload” may refer to information in a transmitted message. A payloadmay exclude automatically generated metadata. A payload may comprisemultiple data elements. For example, a payload corresponding to humanvital statistics may comprise three data values corresponding to theweight, height, and age of a human.

A “key generation seed” may refer to a value or other data used togenerate a cryptographic key. For example, a key generation seed may bea number such as “12034024.” A key generation seed may be used as theinput to a random or pseudorandom function to generate the cryptographickey. Key generation functions may be consistent, that is, identical keygeneration seeds generate identical cryptographic keys.

A “log file” may comprise a data file that stores a record ofinformation. For example, a log file may comprise records of use of aparticular service, such as distributed cryptography. A log file maycontain additional information, such as a time associated with use ofthe service, an identifier associated with a client using the service,the nature of the use of the service (for example, whether a client isencrypting or decrypting data), etc.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a system block diagram of an exemplary distributedsymmetric cryptography system according to some embodiments.

FIG. 2 shows a system block diagram of an exemplary client computeraccording to some embodiments.

FIG. 3 shows a system block diagram of an exemplary cryptographic deviceaccording to some embodiments.

FIG. 4 shows a system block diagram for an exemplary secret share andverification share provisioning system according to some embodiments

FIG. 5 shows a sequence diagram for an exemplary secret share andverification share provisioning process according to some embodiments.

FIG. 6A shows a hybrid sequence diagram for a first part of an exemplarymethod of adaptive attack resistant distributed symmetric encryption.

FIG. 6B shows a hybrid sequence diagram for a second part of anexemplary method of adaptive attack resistant distributed symmetricencryption.

FIG. 7A shows a hybrid sequence diagram for a first part of an exemplarymethod of adaptive attack resistant distributed symmetric decryption.

FIG. 7B shows a hybrid sequence diagram for a second part of anexemplary method of adaptive attack resistant distributed symmetricdecryption.

FIG. 8 shows an exemplary computer system according to some embodiments.

DETAILED DESCRIPTION

Some embodiments are directed to improvements to distributed symmetriccryptography including both distributed symmetric encryption anddistributed symmetric decryption as services. These improvements includethe use of multiple distinct secret values and multiple distinct secretshares derived from those secret values. As explained further below, theuse of multiple secret shares can make the distributed symmetriccryptographic system resistant to adaptive attack.

Before describing embodiments in more detail, it may be helpful tobriefly summarize static, dynamic, and adaptive attacks. In a staticattack, an attacker attempts or may succeed in compromising one or morecryptographic devices simultaneously (or nearly simultaneously) at asingle instance in time. However, attackers will often make multipleattempts to compromise devices over a period of time.

By contrast, in a dynamic attack, an attacker may attempt or succeed incompromising one or more cryptographic devices over a period of time. Anattacker may compromise a single cryptographic device, use thecryptographic device to participate in cryptographic operations, thenlater compromise another cryptographic device, and so on. An adaptiveattack is a variation of a dynamic attack in which the attacker adaptsor otherwise modifies their attacking behavior over a period of time.For example, the attacker can use information gathered duringcryptographic operations to in order to modify their attacking behavior.

For example, in a distributed cryptography system comprising fourcryptographic devices, “A,” “B,” “C,” and “D,” an attacker could firstattack and compromise cryptographic device “A.” Compromisedcryptographic device “A” could participate in distributed cryptographicoperations (without revealing its compromised nature). At a later time,the attacker could choose to attack either device “B,” “C,” or “D” basedon the results of these cryptographic operations.

Typically, in an adaptive attack, an attacker has more flexibility thanin a static attack. This puts an adaptive attacker at a relativeadvantage when compared to a static attacker. As such, adaptive attackshave a higher probability of successfully breaching distributedsymmetric cryptography systems than static attacks. Further, while somedistributed symmetric cryptography systems are proven to be secureagainst static attacks, they are not proven to be secure against dynamicattacks. This potential vulnerability may allow attackers or othermalicious entities to acquire and decrypt sensitive encryptedinformation (e.g., medical records or financial information).

However, as described above, some embodiments perform distributedsymmetric cryptography using multiple distinct secret shares stored onthe cryptographic devices. The use of multiple secret shares is asecurity improvement over conventional distributed symmetriccryptosystems, as it protects the distributed symmetric cryptographysystem from adaptive attack.

In some embodiments, a client computer and a plurality of cryptographicdevices in a network of cryptographic devices can work together toencrypt a message or decrypt ciphertext. Not all cryptographic devicesin the network of cryptographic devices necessarily need to participate,instead only a threshold number of cryptographic devices need toparticipate. For example, in a network of ten cryptographic devices,perhaps only seven cryptographic devices may need to participate. Thisproperty may be referred to as “t-out-of-n” (e.g., 7-out-of-10)threshold authenticated encryption.

During distributed symmetric encryption, the client computer cangenerate a first commitment and a second commitment using a first hashfunction, a second hash function, a message, and optionally a randomvalue. The first commitment may comprise a hash of the message (or themessage and the random value) produced using the first hash function.The second commitment may comprise a hash of the message (or the messageand the random value) produced using the second hash function. Theclient computer may select these hash functions from a plurality of hashfunctions before generating the first and second commitments, e.g.,using a random selection process. The client computer can select aplurality of cryptographic devices to participate in the distributedsymmetric encryption operation, and can transmit the commitments tothese participating cryptographic devices.

Each cryptographic device can store multiple secret shares that are usedin distributed symmetric cryptography. Optionally, the cryptographicdevices can also store verification shares. In some embodiments, eachcryptographic device can store a first secret share and a second secretshare. The first secret share can be derived from a first secret valueand the second secret share can be derived from a second secret value.Each participating cryptographic device can generate a respective firstpartial computation using the first commitment and a respective firstsecret share. Likewise, each participating cryptographic device cangenerate a respective second partial computation using the secondcommitment and a respective second secret share. The participatingcryptographic devices can each produce a partial computation bycombining their respective first partial computations and second partialcomputations (e.g., by calculating a product of the first partialcomputation and the second partial computation).

By generating and combining multiple partial computations using multipleindependent secret shares, the cryptographic devices protect thosesecret shares in order to prevent them from being determined by anadaptive attacker. This may not be the case in a distributedcryptographic system in which each cryptographic device possesses only asingle secret share. When only a single secret share is used to generatea partial computation, an adaptive attacker may be able to identifycorrelations from the partial computation because there is exactly onesecret that could produce that partial computation. By contrast, whenmultiple secret shares are used to generate a partial computation, theremay be an exponential number of pairs of first secret shares and secondsecret shares that could produce that same partial computation. As ananalogy, the equation X+2=7 has only one solution (X=5), while theequation X+Y+2=7 has an infinite number of solutions for the pair (X, Y)as it is an underdetermined system (i.e., there are less equations thanvariables in the system). The first equation is analogous to the casewhere each cryptographic device possesses only a single secret share,while the second equation is analogous to the case where eachcryptographic device possesses two secret shares.

Optionally, the cryptographic devices can generate a plurality ofpartial signatures using the first commitment and/or the secondcommitment and their respective verification shares. These verificationshares may correspond or be derived from a verification value. Thepartial signatures can be combined by the client computer to produce averification signature. At a later time (e.g., during a decryptionoperation), the client computer can provide the verification signatureto the cryptographic devices. The cryptographic devices can use theverification signature to verify the legitimacy of the client computer'srequest.

After generating the plurality of partial computations, theparticipating cryptographic devices can transmit the plurality ofpartial computations (and optionally the plurality of partialsignatures) to the client computer. The client computer can combine orotherwise use the plurality of partial computations to generate acryptographic key, and combine the plurality of partial signatures togenerate a verification signature. The client computer can use thecryptographic key to encrypt the message to produce a ciphertext, thenproduce a payload comprising the ciphertext and other information (forexample, the first and second commitments, a random value used togenerate the first and second commitments, the verification signature, ahash identifier, etc.) A hash identifier may be used to identify thefirst and second hash functions used to generate the first and secondcommitment respectively.

The client computer may perform additional steps during the decryptionprocess, such as verifying the partial computations received from thecryptographic devices. The client computer may verify these partialcomputations using check values corresponding to the secret shares usedto generate the partial computations. This verification may be performedusing an HVZK proof.

To decrypt the ciphertext, a client computer (which may be the sameclient computer that encrypted the message or a different clientcomputer) may transmit the first commitment and the second commitment(and optionally the verification signature) to an additional pluralityof cryptographic devices. This additional plurality of cryptographicdevices may also comprise a threshold number of cryptographic devices.None, some, or all of the additional cryptographic devices may be thesame as the plurality of cryptographic devices that participated inencryption. Each cryptographic device of the additional plurality ofcryptographic devices may possess a first secret share and a secondsecret share, a verification share, and a verification key. Theverification key may comprise a public key corresponding to averification value comprising a private key.

Optionally, the additional plurality of cryptographic devices may verifythe verification signature using the verification key. If theverification signature is legitimate, the additional plurality ofcryptographic devices may generate an additional plurality of partialcomputations and transmit the additional plurality of partialcomputations to the client computer. The client computer may use theadditional plurality of partial computations to generate a cryptographickey, then use the cryptographic key to decrypt the ciphertext andproduce the message. In these ways, the client computer andcryptographic devices may perform distributed symmetric decryption.

Some embodiments are described in more detail below with reference tothe figures. Concepts such as secret sharing and distributedpseudorandom functions are described in Section I. An exemplarydistributed cryptographic network is described in Section II withreference to FIG. 1. An exemplary client computer is described inSection II with reference to FIG. 2. An exemplary cryptographic deviceis described in Section II with reference to FIG. 3. Exemplary systemsand methods for secret share distribution are described in Section IIIwith reference to FIGS. 4 and 5. Methods of adaptive attack resistantdistributed symmetric cryptography are described in Sections IV withreference to FIGS. 6A, 6B, 7A, and 7B. A computer system is described inSection V with reference to FIG. 8.

I. Distributed Symmetric Cryptography Overview

Some embodiments may make use of secret sharing, pseudorandom functions,and distributed pseudorandom functions in order to implement distributedsymmetric cryptography. These concepts are described in more detailbelow.

A. Secret Shares and Verification Shares

As stated above, secret shares may be derived from shared secrets (alsoreferred to as secret values). The secret shares may be used to performcryptographic operations. For example, secret shares may be used togenerate a cryptographic key. Secret shares may be combined in somemanner in order to reproduce the shared secret from which those secretshares were derived. Using secret shares may be preferable to using asingle secret value in some cryptographic applications, because amalicious user must steal multiple secret shares in order to reproduceand obtain the shared secret. By contrast, in a non-distributedcryptosystem, the malicious user only needs to steal one secret value inorder to obtain it.

Verification shares can be similar to secret shares. Verification sharesmay correspond to a verification value, similar to how secret sharescorrespond to a secret value. Verification shares may be combined insome manner to reproduce a verification value. In some embodiments,methods used to generate, distribute, or combine verification shares mayalso be used to generate, distribute or combine verification shares.

Verification shares may be used to produce a verification signature,which may be used to verify distributed symmetric cryptographicoperations. As an example, in some embodiments, cryptographic devicesverify a verification signature during distributed symmetric decryption.The presence of the verification signature indicates to thecryptographic devices that the client computer is performing adecryption operation.

Secret shares and verification shares may possess some useful optionalproperties. One such property is the “t-out-of-n” property. Thisproperty indicates that t secret shares or verification shares out of atotal of n secret shares or verification shares are sufficient toreproduce the secret value or verification value. It may not matterwhich secret shares are used to reproduce the secret value, only that atleast t secret shares are needed.

There are many techniques that can be used to implement secret sharing,particular t-out-of-n secret sharing. Shamir's secret sharing scheme isone non-limiting example discussed below. However, other appropriatesecret sharing techniques are equally applicable (e.g., Blakley'sscheme, the Chinese Remainder Theorem, etc.).

Generally, Shamir's secret sharing involves encoding a secret value (oralternatively, a verification value) into the coefficients of apolynomial P(x)=a₀+a₁x+a₂x²+ . . . +a_(k)x^(k). The secret shares orverification shares can comprise distinct points (paired x, P(x) values)on the polynomial. The shared secret or verification value can beobtained from the secret shares or verification shares by interpolatingthe polynomial using the secret shares or verification shares. Lagrangeinterpolation is one method that can be used.

A polynomial P(x) of degree k can comprise k+1 coefficients a₀, a₁, . .. , a_(k). While the secret value or verification value can be encodedinto any coefficient, it is sometimes preferable to encode the secretvalue or verification value into the zeroth order coefficient a₀. Thesecret value or verification value can be encoded into the zeroth ordercoefficient a₀ by using the secret value or verification value as thecoefficient a₀ in the polynomial P(x). The value of the othercoefficients a₁, a₂, . . . , a_(k) may be selected in any appropriatemanner (e.g., randomly). If the secret value S is encoded into thezeroth order coefficient a₀, the polynomial P(x) evaluated at x=0 isequal to the shared secret i.e., P(0)=a₀=S.

Shamir's secret sharing uses the fact that k+1 unique points are neededto uniquely define a polynomial P(x) of degree k. Once P(x) is uniquelydefined, P(x) can be evaluated at a particular value of x (e.g., x=0) inorder to determine the secret value. Thus k+1 is the minimum orthreshold number of points t needed to interpolate the polynomial anddetermine the secret value or verification value. When secret shares aredistributed to a plurality of cryptographic devices, at least athreshold number t of those cryptographic devices must participate inorder to reach the threshold number of secret shares.

Further, because the secret values (or verification shares) comprisepoints on a polynomial (of which there are infinite), Shamir's secretsharing can provide for an arbitrarily large number of secret shares forany given threshold. This means that networks of cryptographic devicescan possess an arbitrarily large number of cryptographic devices for anygiven threshold.

As stated above, in some embodiments, cryptographic devices may possessa first secret share and a second secret share, derived from a firstsecret value and a second secret value respectively. This could beaccomplished by encoding the first secret value into a first polynomialP₁(x) and the second secret value into a second polynomial P₂(x) (asdescribed above), then sampling P₁(x) to produce a point comprising thefirst secret share and sampling P₂(x) to produce a point comprising thesecond secret share. The polynomials can be sampled at any value of x,other than x=0, and provided that no two cryptographic devices receivesecret shares corresponding to the same value of x.

One technique that can be used is using unique serial numbers or deviceidentifier corresponding to particular cryptographic devices as valuesof x. A cryptographic device with serial number “18723” may receive asecret share (x, P(x)) comprising (18723, P(18723)), while acryptographic device with a serial number “99123” may receive a secretshare comprising (99123, P(99123)). Because the serial numbers or deviceidentifiers are unique, two cryptographic devices are guaranteed topossess different secret shares.

B. Lagrange Interpolation

An example of Lagrange interpolation is now discussed. A polynomialP(x), and consequently a secret value (or verification value) S can bedetermined using Lagrange interpolation, which can be used to relatesecret shares or verification shares comprising paired (x_(j), P(x_(j)))values to the polynomial P(x). The pair (x_(j), P(x_(j))) corresponds tothe j^(th) secret share. The Lagrange form of a polynomial is given bythe following formula:P(x)=Σ_(j=0) ^(k) P(x _(j))l _(j)(x)  (1)

Where l_(j)(x) is the j^(th) Lagrange basis polynomial (i.e.,corresponding to the j^(th) secret share). The Lagrange basis polynomiall_(j)(x) is defined by the following formula:

$\begin{matrix}{{l_{j}(x)} = {\prod{\underset{p \neq j}{0 \leq p \leq k}\frac{x - x_{p}}{x_{j} - x_{p}}}}} & (2)\end{matrix}$

Where x_(j) is the x value corresponding to the j^(th) secret share (orverification value) and x_(p) is the x value of the p^(th) secret share(or verification value).

Because P(0) equals the zeroth order coefficient a₀, if the secret valueor verification value S is encoded into a₀, the preceding formulas canbe simplified by substituting x=0:

$\begin{matrix}{l_{j} \approx {\prod{\underset{p \neq j}{0 \leq p \leq k}\frac{- x_{p}}{x_{j} - x_{p}}}}} & (3) \\{S = {a_{0} = {\sum\limits_{j = 0}^{k}{{P\left( x_{j} \right)}l_{j}}}}} & (4)\end{matrix}$

Shamir's secret sharing can be used to distribute secret shares orverification values to a number of cryptographic devices. These secretshares or verification shares may comprise unique points given as pairedvalues (x_(j), P(x_(j))). Using a threshold number of these secretshares or verification values, the Lagrange coefficients can becalculated and used along with the values P(x_(j)) to determine thesecret value (or verification value) S, as shown above.

Notably, the Lagrange coefficients l_(j) are dependent only on thevalues of x corresponding to the cryptographic devices. As stated above,these values of x may comprise unique serial numbers or identificationnumbers corresponding to each cryptographic device, and thus may beknown in advance of the generation of any polynomials. Thus the Lagrangecoefficients l_(j) corresponding to each cryptographic device can bepre-calculated.

Further, because the Lagrange coefficients are independent of anypolynomial P(x), a single Lagrange coefficient can be used for multipledistinct polynomials P₁(x) and P₂(x). As a result, a single Lagrangecoefficient can correspond to a cryptographic device possessing anynumber of secret shares derived from any number of distinct secretvalues.

Using Shamir's secret sharing, a secret value or verification value canbe reconstructed regardless of which secret shares or verificationshares are used. Thus different cryptographic devices can participate inthe distributed cryptographic operation each time and still produce thesame shared secret or verification value. However, it is sometimespreferable to produce a value derived from either the shared secret orverification value, rather than the secret value or verification valueitself, in order to protect or obscure the secret value or verificationvalue. This can be accomplished using distributed pseudorandomfunctions, as described below.

C. Pseudorandom and Distributed Pseudorandom Functions

A pseudorandom function is a function that produces an output where therelationship between the input and the output appears random. Theadvantage of using pseudorandom functions is that it is difficult todetermine the input given the output, and thus pseudorandom functionscan be used to obscure inputs.

In a hypothetical cryptographic application, a secret value S couldcomprise a cryptographic key. The secret value S could be used toencrypt or decrypt data, when and if it is reconstructed from itsconstituent secret shares s₀, s₁, . . . , s_(t). However, this may beundesirable, because after the shared secret is reconstructed, theshared secret could be stolen and used by a malicious participant (e.g.,a malicious client computer or malicious cryptographic device). Instead,it may be preferable to use the shared secret as an input to apseudorandom function, then use the output of the pseudorandom functionto generate a cryptographic key. In this way the secret value S is notexposed to an attacker or other malicious user.

A distributed pseudorandom function may refer to a pseudorandom functionthat can be calculated in a distributed manner. As an example, aplurality of cryptographic devices may calculate a plurality of partialcomputations. These partial computations may be combined to produce theoutput of a pseudorandom function. The combination of those partialcombinations may be equivalent to the output of a correspondingnon-distributed pseudorandom function (e.g., one where a singlecryptographic device directly produces the output of a pseudorandomfunction).

Any pseudorandom function that appears random and is consistent can beused as the basis for a distributed pseudorandom function. Notableexamples of pseudorandom functions are hash functions, the advancedencryption standard (AES) cryptosystem and elliptic curve cryptosystems.Elliptic curve cryptography will be described below for the purpose ofillustrating some embodiments, however, it should be understood thatembodiments can be practiced with any appropriate pseudorandom function.

An elliptic curve is any curve satisfying the equation y²=x³+ax+b.Elliptic curve cryptography is usually performed using elliptic curvesover finite fields. An example of a finite field is integers mod p,where p is a prime number. Integers mod p comprises every integer from 0to p−1. An elliptic curve group may be defined by its order q, thenumber of elements within the group. The decisional Diffie-Hellmanassumption holds under these elliptic curve groups.

Elliptic curve cryptosystems, like many other cryptosystems, relies onmathematical problems which have computationally infeasible solutions.With elliptic curve cryptography, there is currently no efficientsolution to the “elliptic curve discrete logarithm problem.” Given anoriginal point A on an elliptic curve and a product point C on anelliptic curve, it is sufficiently difficult to determine a multiplicandpoint B, such that the point multiplication A*B=C holds. A practicalresult is that as long as B is kept secret, a message can be convertedinto a point A and point-multiplied with a point B in order to produce aproduct point C.

The decisional Diffie-Hellman assumption states that in a multiplicativegroup G of prime order p with generator g, that for random andindependent a and b, the values g^(a), g^(b) and g^(ab) all appear to berandom elements selected from the group G. In other words, it isdifficult to determine the multiplicative relationship between g^(a),g^(b) and g^(ab) (i.e., that g^(ab) equals the product of g^(a) andg^(b)).

Practically, two points on an elliptic curve can be multiplied toproduce a third point, and the relationship between the two points andthe third point appears random. So if some value can be represented as apoint, that value can be point multiplied by another value to produce athird value, and the relationship between those three values appearsrandom. Thus elliptic curves can be used as a pseudorandom functionalbasis for distributed pseudorandom functions.

D. Applications

In some embodiments, elliptic curve cryptography can be used to encrypta first commitment H₁(m) and a second commitment H₂(m) (i.e., hashvalues corresponding to an input message m) using a plurality of secretshares. These encrypted commitments may be referred to as partialcomputations. As shown below, the partial computations can be combinedto produce one value that is equivalent to the first commitment H₁(m)encrypted using a first secret value S₁, and a second value that isequivalent to the second commitment H₂(m) encrypted using a secondsecret value S₂, demonstrating that elliptic curve cryptography can beused as a distributed pseudorandom function.

The term H_(n)(m)^(Sn) may be used to represent the n^(th) commitmentH_(n)(m) encrypted using the n^(th) secret value S_(n) using ellipticcurve cryptography (e.g., the first commitment encrypted using the firstsecret value or the second commitment encrypted using the second secretvalue). The term H_(n)(m)^(s) ^(n,i) may be used to represent thepartial computation comprising the n^(th) commitment H_(n)(m) encryptedusing the i^(th) secret share corresponding to the n^(th) commitments_(n,i). In elliptic curve cryptography, H_(n)(m)^(Sn) is equivalent topoint multiplying the n^(th) commitment H_(n)(m) by itself S_(n) times,and the partial computation H_(n)(m)^(s) ^(n,i) is equivalent to pointmultiplying the n^(th) commitment H_(n)(m) by itself s_(n,i) times.

The relationship between H(m)^(Sn) and H_(n)(m)^(s) ^(n,i) can be shownusing formula (4):H _(n)(m)^(s) ^(n) =H _(n)(m)^(Σ) ^(i=1) ^(t) ^(s) ^(n,i) ^(λ) ^(i)=Π_(i=1) ^(t)(H _(n)(m)^(s) ^(n,i) )^(λ) ^(i)   (5)

Where s_(n,i) is the i^(th) secret share corresponding to the n^(th)secret value and λ_(i) is the i^(th) Lagrange coefficient correspondingto the i^(th) cryptographic device (see formula (3)). Thus, the n^(th)commitment encrypted using the n^(th) secret value S_(n) (i.e.,H_(n)(m)^(Sn) is equal to the product of the n^(th) commitment encryptedusing the secret shares and exponentiated using the Lagrangecoefficients (H_(n)(m)^(s) ^(n,i) )^(λ) ^(i) . This illustrates one wayin which Shamir's secret sharing and elliptic curve cryptography can beused together to implement distributed pseudorandom functionality.

Further, because one set of Lagrange coefficients can be used for anynumber of polynomials, partial computations corresponding to differentcommitments and secret shares can be combined prior to calculating thedistributed pseudorandom function. For example, a first partialcomputation and a second partial computation can be combined bycalculating the product of the two partial computations:H ₁(m)^(s) ^(1,i) *H ₂(m)^(s) ^(2,i)   (6)

Where H₁ (m)^(s) ^(1,t) is the first commitment encrypted using thefirst secret share corresponding to the i^(th) cryptographic device, andH₂(m)^(s) ^(2,i) is the second commitment encrypted using the secondsecret share corresponding to the i^(th) cryptographic device.

Substituting this combination for the partial computation H_(n)(m)^(s)^(n,i) in equation (5) produces:Π_(i=1) ^(t)(H ₁(m)^(s) ^(1,i) *H ₂(m)^(s) ^(2,i) )^(λ) ^(i) =Π_(i=1)^(t) H ₁(m)^(λ) ^(i) ^(s) ^(1,i) *H ₂(m)^(λ) ^(i) ^(s) ^(2,i)Π_(i=1) ^(t) H ₁(m)^(λ) ^(i) ^(s) ^(1,i) *H ₂(m)^(λ) ^(i) ^(s) ^(2,i)=Π_(i=1) ^(t) H ₁(m)^(λ) ^(i) ^(s) ^(1,i) *Π_(i=1) ^(t) H ₂(m)^(λ) ^(i)^(s) ^(2,i)Π_(i=1) ^(t) H ₁(m)^(λ) ^(i) ^(s) ^(1,i) *Π_(i=1) ^(t) H ₂(m)^(λ) ^(i)^(s) ^(2,i) =H ₁(m)^(S) ¹ *H ₂(m)^(S) ²

Thus the output of the distributed pseudorandom function with multipliedpartial combination inputs (e.g., as in equation (6)) is equivalent tothe product of the partial combination outputs. Further, the firstsecret value S₁ and the second secret value S₂ are obscured by thisproduct. Knowing the value of the first commitment H_(i) (m), the secondcommitment H₂(m), and the product H₁(m)^(s) ¹ *H₂(m)^(S) ² is notsufficient to determine the first secret value S₁ or the second secretvalue S₂, as there are an infinite number of S₁, S₂ pairs that couldproduce the product given the first commitment and the secondcommitment. In this way the secret values and secret shares areprotected even from adaptive attackers.

In some embodiments, a client computer can use the output of thedistributed pseudorandom function to generate a cryptographic key thatcan be used for encryption and decryption. Provided consistentcommitments are used for encryption and decryption, the samecryptographic key can be generated and used for encrypting messages anddecrypting corresponding ciphertext.

To summarize in context of some embodiments, each cryptographic devicecan possess two secret shares s_(1,i) and s_(2,i) corresponding to twodistinct secret values. A threshold number of cryptographic devices canparticipate in a multi-party cryptographic operation. A client computermay possess a message m that the client computer wants to encrypt. Theclient computer may generate two commitments of the message using twodistinct hash function H₁(m) and H₂(m), and transmit the commitments tothe participating cryptographic devices. The participating cryptographicdevices may each use their corresponding secret shares s_(1,i) ands_(2,i) to encrypt the commitments H₁(m) and H₂(m), each cryptographicdevice producing a first partial computation H₁(m)^(s) ^(1,i) and asecond partial computation H₂(m)^(s) ^(2,i) in the process. Thecryptographic devices may combine their respective first and secondpartial computations (e.g., by calculating the product H₁(m)^(s) ^(1,i)*H₂(m)^(s) ^(2,i) ) to produce a respective partial computation.

Subsequently, the participating cryptographic devices may transmit theplurality of partial computations H₁(m)^(s) ^(1,2) *H₂(m)^(s) ^(2,i) tothe client computer. The client computer may determine Lagrangecoefficients corresponding to the plurality of partial computationsH₁(m)^(s) ^(1,i) *H₂(m)^(s) ^(2,i) . The client computer mayexponentiate the plurality of partial computations with theircorresponding Lagrange coefficients λ_(i) to produce a plurality ofintermediate computations. The client computer may combine theintermediate computations by calculating their product. The product ofthe intermediate calculations may be equivalent to the products of thefirst commitment H₁(m) and the second commitment H₂(m) encrypted usingthe first secret value and the second secret value respectively (i.e.,H₁(m)^(S) ¹ *H₂(m)^(S) ² ). The product of the intermediate calculationsmay be used as a key generation seed in order to generate acryptographic key. The cryptographic key may be used to encrypt theclient computer's message and produce a ciphertext. When the ciphertextis to be decrypted, the same process may occur and the samecryptographic key may result. The ciphertext may be decrypted with thecryptographic key, generating the message m.

In some embodiments, verification signatures can be produced usingsimilar methods. A client computer may transmit a commitment H_(n)(m)(or multiple commitments) of a message m to a plurality of cryptographicdevices. The plurality of cryptographic devices may use elliptic curvecryptography to encrypt the commitment H_(n)(m) using each of theirrespective verification shares to produce a plurality of partialsignatures. The plurality of cryptographic devices may transmit theplurality of partial signatures to the client computer. The clientcomputer may determine a plurality of Lagrange coefficients λ_(i)corresponding to the plurality of partial signatures, then exponentiateeach partial signature using its corresponding Lagrange coefficient toproduce a plurality of intermediate signatures. The client computer maygenerate a verification signature as the product of the plurality ofintermediate signatures. The verification signature may be equivalent tothe commitment H_(n)(m) encrypted using the verification value. In someembodiments, partial signatures may be produced with only a singlecommitment, such as the first commitment or the second commitment. Inothers, partial signatures may be produced using both a first commitmentand a second commitment, analogous to the generation of partialcomputations described above.

The verification value and a verification key may comprise an asymmetriccryptographic key pair. That is, the verification value may comprise asecret or private cryptographic key, and the verification key maycomprise a public cryptographic key, or vis versa. To verify averification signature, a cryptographic device may decrypt theverification signature using the verification key to produce the firstcommitment, the second commitment, or a combination thereof. If theresulting commitment matches a commitment received from the clientcomputer, the verification signature is legitimate.

The preceding example was intended as one non-limiting example of howshared secrets and distributed pseudorandom function may be used toperform distributed symmetric cryptography according to someembodiments. Embodiments may use any appropriate pseudorandom function(such as AES, hash functions, etc.) as well as any appropriate secretsharing techniques (e.g., Blakley's scheme, the Chinese RemainderTheorem, etc.).

II. Distributed Cryptographic Network

A. System Block Diagram

FIG. 1 shows a system block diagram of an exemplary distributedcryptography network 100 according to some embodiments. The exemplarydistributed cryptography network may comprise cryptographic devices102-108, client computers 110 and 112, unsecured network 114, trustedexternal server 116, and optionally proxy device 118.

Although only four cryptographic devices 102-108 are shown, embodimentscan be practiced with any number of cryptographic devices. Likewise,although only two client computers 110 and 112 are shown, embodimentscan be practiced with any number of client computers.

The computers and devices of FIG. 1 may communicated with each other viaa communication network, which can take any suitable form, and mayinclude any one and/or the combination of the following: a directinterconnection; the Internet; a Local Area Network (LAN); aMetropolitan Area Network (MAN); an Operating Missions as Nodes on theInternet (OMNI); a secured custom connection; a Wide Area Network (WAN);a wireless network (e.g., employing protocols such as, but not limitedto a Wireless Application Protocol (WAP), I-mode, and/or the like);and/or the like. Messages between the computers and devices may betransmitted using a secure communications protocol, such as, but notlimited to, File Transfer Protocol (FTP); HyperText Transfer Protocol(HTTP); Secure HyperText Transfer Protocol (HTTPS); Secure Socket Layer(SSL), ISO (e.g., ISO 8583) and/or the like.

The distributed cryptography network may enable client computers 110 and112 to encrypt messages or decrypt ciphertext using cryptographicmaterials (secret shares) securely stored by cryptographic devices102-108. Client computers 110 and 112 may communicate with cryptographicdevices 102-108 either directly, via a network (such as the Internet orunsecured network 114) or via an optional proxy device 118. The clientcomputers 110-112 may possess messages to be encrypted (“plaintextmessages” or “plaintext”) or decrypted (“ciphertext messages” or“ciphertext”), as well as hardware, software, code, or instructions thatenable client computers 110-112 to participate in distributed symmetriccryptographic processes.

Each cryptographic device 102-108 may possess multiple secret shares(e.g., a first secret share and a second secret share) and mayoptionally possess a verification share. The secret shares andverification shares may be derived from multiple secret values (e.g., afirst secret value and a second secret value) and a verification value.The secret values and verification value may be shared among thecryptographic devices 102-108, e.g., secret shares and verificationshares may be derived from the secret values and the verification value.The verification value may correspond to a verification key that can beused by cryptographic devices 102-108 to verify verification signaturesproduced using verification shares. A threshold number of secret sharesmay allow the reconstruction of a secret value, and a threshold numberof the verification shares may allow the reconstruction of theverification value. The threshold number may be less than the totalnumber of cryptographic devices 102-108. For example, if there aretwenty cryptographic devices 102-108, the threshold number may be 14cryptographic devices, or any other appropriate number of cryptographicdevices.

The cryptographic devices 102-108 may be organized into a cryptographicdevice network. This cryptographic device network may comprise a localarea network connected to a larger computer network, such as theInternet or unsecured network 114. Communications between thecryptographic device network and external computers (e.g., clientcomputers 110 and 112) may be mediated by the proxy device 118, whichmay comprise a web server that communicates with client computers 110and 112 via any appropriate means (e.g., an Application ProgrammingInterface API).

A cryptographic device network may be organized into any appropriatenetworking structure. For example, a cryptographic device network maycomprise a “chain” structure, whereby the cryptographic devices areorganized into a linear sequence of cryptographic devices.Communications from a client computer 110 to one cryptographic device(e.g., cryptographic device 108) may pass through all the precedingcryptographic devices (e.g., cryptographic device 102-106) and proxydevice 118 before reaching the intended recipient (e.g., cryptographicdevice 108). Alternatively, the cryptographic device network maycomprise a “tree” structure, with different branches comprisingdifferent collections of cryptographic devices (e.g., one branch maycomprise cryptographic devices 102 and 104, and another branch maycomprise cryptographic devices 106 and 108). A cryptographic devicenetwork may comprise any number of proxy devices 118, which may act asproxies to cryptographic devices or other proxy devices 118.

Unsecured network 114 may comprise a computer network over which clientcomputers 110 and 112 communicate with one another. Unsecured network114 may comprise a network such as the Internet. A client computer suchas client computer 110 may communicate with cryptographic devices102-108 in order to encrypt a message, such that the encrypted messagecan be securely transmitted to client computer 112 via unsecured network114. Client computer 112 can then communicate with cryptographic devices102-108 in order to decrypt the message.

As an example, client computers 110 and 112 may comprise medical recordsystems in different hospitals. These hospitals may not be equipped toencrypt medical records on their own. As such, in order to comply withpatient confidentiality rules, these hospitals may use their respectiveclient computers 110 or 112 and cryptographic devices 102-108 to encryptmedical records before storing them in a medical record database. When amedical record needs to be decrypted (i.e., prior to a meeting between adoctor and the patient corresponding to that medical record), clientcomputer 110 or 112 can communicate with cryptographic devices 102-108in order to decrypt the medical record. As another example, if a patientis being transferred from the first hospital to the second hospital, theclient computer corresponding to the first hospital (e.g., clientcomputer 110) can transmit the encrypted medical record to the clientcomputer corresponding to the second hospital (e.g., client computer112). The client computer corresponding to the second hospital candecrypt the medical record using by communicating with cryptographicdevices 102-108, or a different set of cryptographic devices that areprovisioned using the same master key.

Trusted external server 116 may provide or otherwise provision secretshares and verification shares to cryptographic devices 102-108. Thetrusted external server 116 may additionally publish check values, whichmay be used by client computers 110 and 112 to verify partialcomputations received from any of cryptographic devices 102-108. Trustedexternal server 116 may communicate with cryptographic devices 102-108directly, via proxy device 118 or via unsecured network 114. Likewise,client computers 110 and 112 may retrieve the published check valuesfrom trusted external server 116 either directly, via proxy device 118,or via unsecured network 114.

B. Use of Multiple Secrets

As stated above, some embodiments use multiple secret values (e.g.,shared secrets) and multiple secret shares in order to safeguard thedistributed symmetric cryptosystem from adaptive attacks. Eachcryptographic device (e.g., cryptographic devices 102-108 in FIG. 1) canpossess multiple secret shares. For example, a cryptographic device i,can possess two secret shares: s_(1,i) and s_(2,i), derived fromindependently sampled secret values S₁ and S₂ respectively.

The cryptographic devices can use these secret shares, along withcommitments provided by client computers to generate partialcomputations. These partial computations can be generated as part of adistributed pseudorandom function. As described above in Section I, adistributed pseudorandom function may comprise a function that can becalculated in a distributed manner and produces outputs that appearrandom. Some cryptosystems, such as elliptic curve cryptography areexamples of pseudorandom functions. The function is distributed becausethe partial computations generated by each cryptographic device can becombined to produce a single output.

For example, a client computer may transmit a first commitment h₁ and asecond commitment h₂ to a plurality of cryptographic devices. Eachcryptographic device may generate two partial computations y_(1,i) andy_(2,i) using these commitments and their respective secret sharess_(1,i) and s_(2,i), where y_(n,i) is the n^(th) partial computationcorresponding to the i^(th) cryptographic device. The cryptographicdevices may use a DPRF.Eval function to generate these partialcomputations. In some embodiments, the partial computations may begenerated by encrypting each of the commitments using the respectivesecret share using elliptic curve cryptography. Mathematically, this canbe represented as y_(n,i)=h_(n) ^(s) ^(n,i) .

Each cryptographic device can then combine the partial computations itgenerated to produce a single partial computation. For example, ifcryptographic device i generated two partial computations y_(1,i)=h₁^(s) ^(1,i) and y_(2,i)=h₂ ^(s) ^(2,i) , it can combine those twopartial computations to produce a single partial computation y_(i). Thecryptographic devices may use a DPRF.Combine function for this purpose.In some embodiments, combining the partial computations may comprisecalculating a product of the partial computations, i.e.,y_(i)=y_(1,i)*y_(2,i)=h₁ ^(s) ^(1,i) *h₂ ^(s) ^(2,i) .

Each cryptographic device can send its combined partial computation tothe client computer, which can subsequently combine all those partialcomputations and use the result to generate a cryptographic key.Further, the secret shares s_(n,i) are hidden by the combination ofpartial computations performed by the cryptographic devices, preventinga malicious client computer or an eavesdropper from determining thesecret shares used to generate those partial computations.

After receiving the partial computations, the client computer cangenerate the cryptographic key or a cryptographic key seed by combiningthe partial computations y_(i) using its own DPRF. Combine function. TheDPRF.Combine function used by the client computer may be different fromthe DPRF.Combine function used by the cryptographic devices. The clientcomputer may combine the partial computations by first exponentiatingeach partial computation with its corresponding Lagrange coefficientλ_(i), i.e., y_(i) ^(λ) ^(i) =(h₁ ^(s) ^(1,i) *h₂ ^(s) ^(2,i) )^(λ) ^(i). The term y_(i) ^(λ) ^(i) may be referred to as an intermediatecomputation. The client computer may have previously received theseLagrange coefficients from a trusted external server (e.g., trustedexternal server 116 from FIG. 1) The client computer may then combinethe intermediate computations by calculating the product: y=Π_(i)y_(i)^(λ) ^(i) =Π_(i)=Π_(i)(h₁ ^(s) ^(1,i) *h₂ ^(s) ^(2,i) )^(λ) ^(i) . Theresulting value y may be used either as the cryptographic key or as aseed for a cryptographic key generating algorithm. The algorithm may inturn be used to generate the cryptographic key.

C. Client Computer

As described above, a client computer may comprise a computer systemthat communicates with a distributed symmetric cryptography system(e.g., a cryptographic device network) in order to encrypt messages ordecrypt ciphertext. A client computer may comprise a personal computeror a communication device associated with a user. These devices mayinclude, for example, laptops, desktop computers, smartphones, tablets,smart watches, PDAs, etc. A client computer may also comprise a servercomputer or mainframe computer associated with an organization (e.g., abusiness).

FIG. 2 shows an exemplary client computer 200. Client computer 200 maycomprise a processor 202, a communication interface 204, and a computerreadable medium 206.

1. Processing, Communicating, and Storing

Processor 202 may comprise any suitable data computation device ordevices. Processor 202 may be able to interpret code and carry outinstructions stored on computer readable medium 206. Processor 202 maycomprise a central processing unit (CPU) operating on a reducedinstructional set, and may comprise a single or multi-core processor.Processor 202 may include an arithmetic logic unit (ALU) and a cachememory, these components may be used by processor 202 in executing codeor other functions.

Communication interface 204 may comprise any interface by which clientcomputer 200 may communicate with other computers or devices. Examplesof communication interfaces include wired interfaces, such as USB,Ethernet, or FireWire. Examples also include interfaces used forwireless communication, such as a Bluetooth or Wi-Fi receiver. Clientcomputer 200 may possess multiple communication interfaces 204. As anexample, a client computer 200 comprising a smartphone may communicatethrough a micro USB port, a cellular receiver, a Bluetooth receiver, anda Wi-Fi receiver.

Client computer 200 may communicate with other devices or computers,using communication interface 204 via one or more secure andauthenticated point-to-point channels. These channels may use standardpublic-key infrastructure. For example, client computer 200 and acryptographic device may exchange a symmetric key and/or key shares viatheir communication interfaces. This key exchange may comprise aDiffie-Hellman key exchange. After exchanging cryptographic keys, clientcomputer 200 and the cryptographic devices may communicate over a publicchannel (such as an unsecured network) using a standard authenticatedencryption scheme to encrypt any message with the cryptographic key.Further authentication methods can also be used, e.g., digitalsignatures.

Computer readable medium 206 may comprise hardware that may possesscode, data, or instructions that can be interpreted by processor 202.Computer readable medium 206 may store or otherwise comprise a number ofsoftware modules, including a communication module 208, a random numbergeneration module 210, a commitment module 212, a selection module 214,a partial computation module 216, a cryptography module 218, and averification module 220.

2. Communication Module

Communication module 208 may comprise or include code, instructions,routines, subroutines, etc., that may be used by processor 202 in orderto enable the client computer 200 to communicate with other computers ordevices, including other client computers, cryptographic devices, andtrusted external servers, using any appropriate communications protocol.Communication module 208 may comprise code or instructions, executableby the processor 202 for sending, receiving, formatting, andinterpreting requests, messages, payloads and other data.

For example, communication module 208 may comprise code enabling theclient computer 200 to transmit requests for cryptographic services(e.g., encryption or decryption) to a plurality of client computers.These requests may include commitments, including a first commitment anda second commitment, verification signatures, random values, etc.

As another example, communication module 208 may comprise code enablingthe client computer 200 to format a payload comprising a ciphertext, afirst commitment, a second commitment, and optionally a random value, averification signature, and a hash indicator. Additionally,communication module 208 may comprise code enabling the client computer200 to transmit the payload to another client computer or otherrecipient. Likewise, communication module 208 may comprise code enablingthe client computer 200 to receive a payload comprising a ciphertext, afirst commitment, a second commitment, and optionally a random value, averification signature, and a hash indicator. Additionally,communication module 208 may comprise code enabling the client computer200 to interpret the elements of a message, request, or payload (e.g.,determine which element in the payload is the ciphertext, which elementis the first commitment, etc.).

3. Random Number Generation Module

Random number generation module 210 may comprise or include code,instructions, routines, subroutines, etc., that may be used by processor202 to generate random or pseudorandom numbers. These random number mayinclude cryptographically secure pseudorandom numbers, and the code maycomprise one or more pseudorandom number generation algorithms that meetthe requirements for cryptographic security. These requirements, mayinclude, for example, passing the “next bit test” and passing a “statecompromise extension test.” Examples of cryptographically secure randomnumber generators include the Yarrow, ChaCha20, and Fortuna algorithms,among others.

Random number generation module 210 may communicate with other modulesor hardware in client computer 200 for the purpose of generating randomor pseudorandom numbers. As an example, random number generation module210 may retrieve the system time (e.g., current year, month, day hour,etc.) in order to seed a pseudorandom number generation algorithm.

Random or pseudorandom numbers may be used to “blind” (i.e., obscure)messages for the purpose of encryption or generating commitments. Amessage may be combined in some manner with a random or pseudorandomnumber in order to obscure the message. As an example, a message “hello”may be concatenated with a random number 12345 to produce the blindedmessage “hello12345.” Alternatively, the bitwise exclusive-OR function(XOR) may be used to blind a message using a random number. By blindingmessages with random numbers, client computer 200 may protect itselfagainst some cryptographic attacks, including replay attacks.Accordingly, rather than generating a first commitment or secondcommitment H(m) based solely on a message m, client computer 200 maygenerate a commitment based on a message and a random value (e.g.,H(m|r)). Additionally, instead of encrypting a message m, clientcomputer 200 may encrypt the message m and the random value r.

4. Commitment Module

Commitment module 212 may comprise code or instructions used byprocessor 202 for selecting hash functions, generating commitments(e.g., a first commitment and a second commitment) using hash functions,and identifying or determining hash functions based on hash indicators.

Commitment module 212 may comprise a list or repository of differenthash functions (e.g., SHA-256, SHA3, BLAKE2, etc.) that can be used togenerate commitments. Commitment module 212 may comprise code enablingthe processor 202 to select any number of hash functions (e.g., two)from this list or repository. In some embodiments, commitment module 212may comprise code enabling the random selection of hash functions. Inothers, commitment module 212 may comprise code enabling selection ofhash functions according to any appropriate criteria (e.g., based onuser preference, security score, etc.)

Commitment module 212 may comprise code enabling the processor toexecute the selected hash functions using messages and random values asinputs. The resulting hash values may be used by the client computer ascommitments. The commitment module 212 may additionally comprise codeenabling the client computer 200 to verify the correctness of adecrypted message using the commitments. If commitments produced usingdecrypted ciphertext match commitments produced using the correspondingplaintext, the client computer can determine that a message was notmodified during encryption.

Further, commitment module 212 may comprise code enabling the processor202 to identify or determine hash functions based on hash indicators.Hash indicators may comprise identifiers that uniquely identify aparticular hash function. For example, the name of a hash function(e.g., “BLAKE2”) may be used to identify the corresponding hashfunction. The client computer 200 may use commitment module 212 toidentify the hash functions used to generate one or more commitmentsgenerated using a plaintext message in order to later verify thosecommitments using decrypted ciphertext.

5. Selection Module

Optional selection module 214 may comprise code or instructions used byprocessor 202 for selecting a threshold number of cryptographic devicesfrom cryptographic devices in the cryptographic device network. Thethreshold number of cryptographic devices may comprise the number ofcryptographic devices necessary to reproduce secret values and/or averification value from secret shares and verification shares stored onthose cryptographic devices. In some embodiments, client computer 200may not select cryptographic devices from cryptographic devices in thecryptographic device network. Instead, client computer 200 maycommunicate with a proxy device and the proxy device may perform theselection process. Alternatively, the participating cryptographicdevices may be pre-selected or static and the client computer 200 maynot need to select the participating cryptographic devices. As such,selection module 214 may be optional.

As an example, selection module 214 may comprise code implementing arandom selection algorithm. The selection module 214 could include alist of cryptographic devices in the cryptographic device network. Theselection module 214 could select, without replacement, from the listuntil a threshold number of cryptographic devices are selected.Alternatively, selection module 214 may comprise code that enablesrule-based cryptographic device selection. For example, the selectionmodule 214 may determine a threat score associated with eachcryptographic device. The threat scores may correspond to a likelihoodthat a given cryptographic device has been compromised by a hacker ormalicious user. The selection module 214 may select a threshold numberof cryptographic devices with the lowest threat scores, or randomlyselect from cryptographic devices with a threat score under a certainvalue.

As another alternative, the selection module 214 may comprise codeenabling the selection of cryptographic devices based on computationalload. Some cryptographic devices in the cryptographic device network mayalready be performing distributed symmetric cryptography on behalf ofother client computers, and as a result, may have a higher computationalload. The client computer 200 may use selection module 214 in order toselect a threshold number of cryptographic devices with a lowercomputational load in order to improve the throughput of the distributedsymmetric cryptography system.

6. Partial Computation Module

Partial computation module 216 may comprise code or instructions thatenable processor 202 to manipulate or process partial computations andintermediate computations in order to perform distributed symmetriccryptography. This may include generating intermediate computationsbased on partial computations and combining partial computations togenerate a cryptographic key or a key generation seed. Additionally,partial computation module 216 may comprise code enabling processor 202to generate verification signatures based on partial signatures.

Partial computation module 216 may comprise code enabling thecombination of partial computations and partial signatures using anyappropriate methods, functions, or algorithms. As on example, partialcomputations may be combined by calculating the sum or product (or anyother combination) of the partial computations. Partial computationmodule 216 may also comprise code enabling polynomial interpolation,such as the calculation of Lagrange coefficients. These Lagrangecoefficients may correspond to partial computations. Additionally,partial computation module 216 may comprise code enabling exponentiationand modular exponentiation. For example, client computer 200 may usepartial computation module 216 to calculate a plurality of Lagrangecoefficients corresponding to a plurality of partial computations.Client computer 200 may then use partial computation module 216 toexponentiate those partial computations using the plurality of Lagrangecoefficients in order to generate a plurality of intermediatecomputations. For example, partial computation module 216 may be used tocalculate intermediate computations y_(i) ^(λ) ^(i) using Lagrangecoefficient λ_(i) and partial computation y_(i). Subsequently, clientcomputer 200 may combine the partial computations by calculating theproduct of those intermediate computations y, i.e., y=Π_(i)y_(i) ^(λ)^(i) . The product of the intermediate computations y may be used as acryptographic key, or as a key generation seed. Client computer 200 canuse the cryptography module 218 to input this key generation seed into akey generation algorithm in order to produce a cryptographic key thatcan be used to encrypt or decrypt a message.

Likewise, commitment module 212 may comprise code enabling the clientcomputer 200 to generate verification signatures from partialsignatures, using techniques similar to the techniques used to generatethe key generation seed from partial computations, as described above(e.g., interpolation using Lagrange polynomials, and the like).

7. Cryptography Module

Cryptography module 218 may comprise code or instructions enablingprocessor 202 to generate cryptographic keys and perform othercryptographic operations, including the encryption of messages anddecryption of ciphertext using cryptographic keys. These cryptographickeys may be generated from key generation seeds. Key generation dependson the particular cryptosystem being used to perform cryptography. Forexample, for an “AES-128-CBC” cryptosystem (an AES block cipher with a128 bit key operating in cipher block chaining mode), a key generationalgorithm may accept a passphrase or key generation seed as an input andproduce a 128 bit key for an AES block cipher.

Client computer 200 may use cryptography module 218 to generatecryptographic keys used to encrypt messages or decrypt ciphertext. Thekey generation seed used by cryptography module 218 may be derived,wholly or in part, from partial computations received from cryptographicdevices. The key generation seed may comprise a product of intermediatecomputations generated by exponentiating partial computations usingtheir corresponding Lagrange coefficients. These partial computationsmay be generated by the cryptographic devices using a first commitmentreceived from the client computer 200, a second commitment received fromthe client computer 200, and a first secret share and second secretshare, as described above in Section I. Thus, the key generation seedand the cryptographic key may be derived indirectly from the secretshares, as the secret shares are used to generate the partialcomputations that are used to generate the intermediate computations,which can in turn be combined and used as the key generation seed.

8. Verification Module

Verification module 220 may comprise code or instructions, executable byprocessor 202 for verifying partial computations using check values.These check values may have been published by a trusted external server(e.g., trusted external server 116 from FIG. 1). Each check value maycorrespond to a secret share stored by a cryptographic device in acryptographic device network. Client computer 200 may use the code orinstructions stored in verification module 220 to execute an honestverifier zero knowledge (HVZK) proof in order to verify the legitimacyof the partial computations. Verification module 220 may comprise codeor instructions enabling any appropriate implementation of the HVZKproof, including Schnorr's protocol and Fiat-Shamir.

D. Cryptographic Device

FIG. 3 displays an exemplary cryptographic device 300 according to someembodiments. The cryptographic device 300 may comprise a computer orother device in a cryptographic device network. In some embodiments,cryptographic device 300 may comprise a server computer. Cryptographicdevice 300 may store multiple secret shares and verification shares,derived from multiple secret values and a verification value.Additionally, cryptographic device 300 may store a verification key usedto verify a verification signature. The secret shares and verificationshares may be used by the cryptographic device to generate partialcomputations and partial signatures using a distributed pseudorandomfunction. The partial computations may be used by a client computer togenerate a cryptographic key. The cryptographic key can be used by theclient computer to encrypt or decrypt messages. Cryptographic device 300may comprise a processor 302, a communication interface 304, and acomputer readable medium 306.

1. Processing, Communicating, and Storing

Processor 302 may comprise any suitable data computation device ordevices. Processor 302 may be able to interpret code and carry outinstructions stored on computer readable medium 306. Processor 302 maycomprise a central processing unit (CPU) operating on a reducedinstructional set, and may comprise a single or multi-core processor.Processor 302 may include an arithmetic logic unit (ALU) and a cachememory. These components may be used by processor 302 in executing codeor other functions.

Communications interface 304 may comprise any interface by whichcryptographic device 300 may communicate with other computers ordevices. Examples of communication interfaces include wired interfaces,such as USB, Ethernet, or FireWire. Examples also include interfacesused for wireless communication, such as a Bluetooth or Wi-Fi receiver.Cryptographic device 300 may possess multiple communication interfaces304, such as a micro USB port, an Ethernet port, a cellular receiver, aBluetooth receiver, etc.

Cryptographic device 300 may communicate with other devices or computersusing communication interface 304 via one or more secure andauthenticated point-to-point channels. These channels may use standardpublic-key infrastructure. For example, cryptographic device 300 and aclient computer may exchange a symmetric key via their communicationinterfaces. This key exchange may comprise a Diffie-Hellman keyexchange. After exchanging cryptographic keys, cryptographic device 300and the client computer may communicate over a public channel (such asan unsecured network) using a standard authenticated encryption schemeto encrypt any message with the cryptographic key. Furtherauthentication methods can also be used, e.g., digital signatures. Byperforming this key exchange, communications between cryptographicdevice 300 and a client computer client computer (e.g., commitments,partial computations, partial signatures, verification signatures, etc.)may be encrypted, allowing cryptographic device 300 and the clientcomputer to communicate securely over an unsecured network.

Computer readable medium 306 may comprise hardware that may possess orstore code, data or instructions that can be interpreted by processor302. Computer readable medium 306 may store or otherwise comprise anumber of software modules, including a communication module 308, adistributed pseudorandom function module 310, a verification module 312,and a secure memory 314. The secure memory element may store secretshares 316, a verification share 318, and a verification key 320.

2. Communication Module

Communication module 308 may comprise or include code or instructionsthat may be used by processor 302 to enable the cryptographic device 300to communicate with other computers or devices, including clientcomputers, proxy devices, and trusted external servers, using anyappropriate communications protocol. Communication module 308 maycomprise code or instructions, executable by the processor 302 forreceiving requests for cryptographic services from client computers(e.g., requests to perform encryption or decryption), receivingcommitments and verification signatures from client computers, andtransmitting partial computations and partial signatures to clientcomputers.

Additionally, communication module 308 may comprise code enabling thecryptographic device 300 to communicate with a trusted external serverand receive secret shares and verification shares from the trustedexternal server. The communications module 308 may enable thiscommunication during a secret share provisioning phase performed priorto distributed symmetric encryption or decryption.

3. Distributed Pseudorandom Function Module

The distributed pseudorandom function module 310 may comprise code forthe purpose of evaluating pseudorandom functions (PRFs) or distributedpseudorandom functions (DPRFs). This may include, for example,performing cryptographic operations associated with elliptic curvecryptography, block ciphers such as AES, or hash functions such asSHA-2.

As an example, the distributed pseudorandom function module 310 maycomprise code that may be used by processor 302 in order to implementelliptic curve cryptography under the decisional Diffie-Hellmanassumption. Elliptic curve cryptography may be used to generate partialcomputations based on commitments (e.g., a first commitment and a secondcommitment) and secret shares 316. These partial computations may becombined into a single partial computation, and transmitted to a clientcomputer. The client computer can use this partial computation, alongwith other partial computations received from other cryptographicdevices to produce a cryptographic key that can be used to encrypt amessage or decrypt ciphertext, for example, as described above inSection I.

Thus processor 302 may use the distributed pseudorandom function module310 in order to perform elliptic curve cryptography using a firstcommitment H₁(m) of a message m and a second commitment H₂(m) of themessage as inputs. Alternatively, the processor 302 may use thedistributed pseudorandom function module 310 to generate a firstcommitment H₁(m, r₁) and a second commitment H₂(m, r₂), using themessage m, and two independent random values r₁ and r₂ as inputs. Thesecommitments may be converted into points in an elliptic curve group,which may each be point multiplied by a respective secret multiplicand(e.g., a first secret share and a second secret share of secret shares316) to produce product points. The product points may comprise partialcomputations that may be combined into a single partial computation(e.g., by calculating the product) and transmitted to a client computer.Given the same commitment inputs and the same secret shares 316, theresulting partial computation will be the same, enabling the partialcomputation to be used to generate consistent encryption and decryptionkeys.

4. Verification Module

Verification module 312 may comprise code or instructions, executable byprocessor 302 for generating partial signatures and verifyingverification signatures. As stated above, verification signatures may beused by cryptographic device 300 to determine whether a client computeris making legitimate use of the distributed symmetric cryptographysystem, and whether the client computer is encrypting data or decryptingdata. The presence of a valid verification signature may indicate thatthe client computer is decrypting data, as the cryptographic device 300may verify the verification signature during distributed symmetricdecryption.

Verification module 312 may use a verification share 318 (stored insecure memory 314) in order to generate a partial signature from one ormore commitments (e.g., the first commitment and/or second commitment)received from a client computer. Verification module 312 may generatethe partial signature by encrypting the commitment using itscorresponding verification share 318 and elliptic curve cryptography.Alternatively, verification module 312 may generate the partialsignature by encrypting the commitment using its correspondingverification share 318 and any appropriate form of homomorphiccryptography. As another alternative, verification module 312 maygenerate the partial signature using one or more commitments, theverification share 318 and an appropriate message authentication code(MAC) algorithm.

The cryptographic device 300 may transmit the partial signature to theclient computer, which may also receive a number of other partialsignatures from other cryptographic devices. The client computer maycombine these partial signatures to generate a verification signature.The client computer may then store the verification signature. Atanother time, when the client computer wants to decrypt a ciphertext,the client computer may transmit the verification signature tocryptographic device 300. Cryptographic device 300 may then use theverification module 312 and a verification key 320 to verify theverification signature. Verification key 320 may correspond to averification value used to produce verification share 318 and otherverification shares belonging to other cryptographic devices. In someembodiments, verification key 320 and the verification value maycomprise an asymmetric key pair. As an example, verification key 320 maycomprise a public cryptographic key and the verification valuecorresponding to verification share 318 may comprise a privatecryptographic key.

A verification signature may comprise one or more commitments H_(n)(m)encrypted using the verification value. The verification signature maybe decrypted using verification key 320 to produce the one or morecommitment H_(n)(m). Cryptographic device 300 may use verificationmodule 312 in order to decrypt the verification signature usingverification key 320 and compare the resulting commitment to acommitment received from a client computer. If the two commitmentsmatch, the verification signature may be legitimate. Alternatively,cryptographic device 300 may use verification module 312 to verify averification signature using any other appropriate method, such as amethod based off pairing friendly elliptic curves, messageauthentication codes (MACs), hashed message authentication codes (HMACs)etc. Example techniques for verifying signatures can be found in: [1]Boldyreva A. (2003) “Threshold Signatures, Multisignatures and BlindSignatures Based on the Gap-Diffie-Hellman-Group Signature Scheme.” In:Desmedt Y. G. (eds) Public Key Cryptography—PKC 2003. PKC 2003. LectureNotes in Computer Science, vol 2567. Springer, Berlin, Heidelberg; [2]Victor Shoup. 2000. “Practical threshold signatures.” In Proceedings ofthe 19th international conference on Theory and application ofcryptographic techniques (EUROCRYPT'00). Springer-Verlag, Berlin,Heidelberg, 207-220; and [3] Naor M., Pinkas B., Reingold O. (1999)Distributed Pseudo-random Functions and KDCs. In: Stern J. (eds)Advances in Cryptology—EUROCRYPT'99. EUROCRYPT 1999. Lecture Notes inComputer Science, vol 1592. Springer, Berlin, Heidelberg.

5. Secure Memory

Secure memory 314 may comprise a memory region of computer readablemedium 306 or a standalone memory element. Secure memory 314 may storesensitive cryptographic materials in such a way that they are difficultto retrieve by an unauthorized outsider (e.g., a hacker). As an example,data stored in secure memory 314 may be stored in encrypted form. Thesecure memory 314 may store secret shares 316 derived from multiplesecret values (e.g., a first secret value and a second secret value).Additionally, secure memory 314 may store a verification share 318derived from a verification value, as well as a verification key 320corresponding to the verification value. Cryptographic device 300 mayuse secret share 316 to generate a partial computation that is used togenerate a cryptographic key. Likewise, cryptographic device 300 may useverification share 318 to derive a partial signature used to generate averification signature. Cryptographic device 300 may use verificationkey 320 to verify a verification signature generated from a plurality ofpartial signatures.

III. Generating and Distributing Secret Shares and Verification Values

Before describing methods for adaptive attack resistant symmetriccryptography, it may be helpful to describe methods that may be used todistribute secret shares and verification shares to cryptographicdevices in a cryptographic device network.

For the purposes of illustration, a non-limiting example of generationand distribution of secret shares and verification shares is describedbelow with reference to FIGS. 4 and 5. However, it should be understoodthat any appropriate method may be used to generate and distributesecret shares and verification shares to cryptographic devices.

FIG. 4 shows a secret and verification share distribution system 400comprising a trusted external server 402, a communication network 404and a cryptographic device network 412. The cryptographic device network412 may comprise an optional proxy device 406 and cryptographic devices408-410. Notably, although only two cryptographic devices 408 and 410are shown, the cryptographic device network 412 may comprise any numberof cryptographic devices.

The trusted external server 402 can comprise a server computer capableof generating and distributing secret shares, verification shares, andverification keys. The trusted external server 402 may be capable ofcommunicating with cryptographic devices 408-410 or proxy device 406 viacommunication network 404. The trusted external server 402 may possess aprocessor and a computer readable medium, and may be capable ofperforming any operations necessary to generate secret values, secretshares, verification values, or verification shares in accordance withany appropriate secret sharing scheme (e.g., using Shamir's secretsharing, as described above). As an example, the trusted external server402 could generate random numbers corresponding to the coefficients of afirst polynomial P₁(x) and a second polynomial P₂(x). Two of theserandom numbers (for example, the random number associated with thezeroth order coefficients of polynomial P₁(x) and P₂(x)) can beinterpreted as a first secret value and a second secret valuerespectively. In order to produce secret shares, the trusted externalserver 402 could evaluate the polynomials at distinct values of x. Forexample, by evaluating the polynomials at values of x corresponding toserial numbers or unique identifiers of cryptographic devices 408-410.Secret shares comprising the polynomials evaluated at their respectivevalues of x can be distributed to cryptographic devices 408-410 viacommunication network 404.

The communication network 404 may comprise a network such as theInternet or a cellular communication network by which devices,computers, and servers can communicate with one another. Thecommunication network 404 may be secure or unsecure. The trustedexternal server 402 may communicate with the cryptographic devicenetwork 412 via communication network 404, e.g., the trusted externalserver 402 may transmit secret shares, verification shares, andverification keys to the cryptographic device network via communicationnetwork 404.

The cryptographic device network 412 may comprise cryptographic devices408 and 410, as well as a proxy device 406. The proxy device 406 mayserve as a gateway that mediates communication between cryptographicdevices 408 and 410 and computers, devices, or servers external to thecryptographic device network 412 (e.g., trusted external server 402).Secret shares or verification shares may be transmitted by trustedexternal server 402 to proxy device 406 via communication network 404.Proxy device 406 may distribute the secret shares to their respectivecryptographic devices 408-410.

Cryptographic devices 408-410 may be substantially similar tocryptographic devices described above with reference to FIGS. 1 and 3.They may possess a processor, communication interface, and a computerreadable medium. The computer readable medium may possess or comprise anumber of software modules used by the cryptographic devices 408 and 410for performing distributed symmetric cryptography. The cryptographicdevices 408 and 410 may additionally comprise a secure memory element.The cryptographic devices 408 and 410 may store secret shares,verification shares, and verification keys received from trustedexternal server 402 in their respective secure memory elements.

FIG. 5 shows a sequence diagram detailing one exemplary method 500 bywhich secret shares, verification values, and verification keys could begenerated and distributed. It should be understood that embodiments canbe practiced with any appropriate method for generating and distributingsecret shares, verification shares, and verification keys, and thus theexemplary method of FIG. 5 is intended to be non-limiting. Although thecommunication network 404 from FIG. 4 is not explicitly shown,communications between the cryptographic device network 502 and trustedexternal server 504 may pass through a communications network. Likewise,although proxy device 406 from FIG. 4 is not shown, communications tothe cryptographic device network 502 may be received by a proxy deviceon behalf of the cryptographic device network 502.

Steps 506 and 508 are two steps of a handshaking procedure between thecryptographic device network 502 and the trusted external server 504.Some communication protocols, such as the transmission control protocol(TCP) use handshaking procedures to establish the rules orcharacteristics of future communications between the participatingcomputers. As an example, if communications between cryptographic devicenetwork 502 and trusted external server 504 are encrypted, steps 506 and508 may involve an exchange of encryption keys between the cryptographicdevice network 502 and trusted external server 504.

For example, the cryptographic device network 502 (or a proxy device)may possess a symmetric cryptographic key that can be used to encryptand decrypt messages sent between the cryptographic device network 502and the trusted external server 504. The trusted external server 504 maypossess a private key of a public-private key pair. The cryptographicdevice network 502 could use the public key of the public-private keypair to encrypt the symmetric cryptographic key, then transmit thesymmetric cryptographic key to the trusted external server 504. Usingthe private key, the trusted external server 504 can decrypt thesymmetric cryptographic key. At this point, both the cryptographicdevice network 502 and trusted external server 504 possess the symmetriccryptographic key. The cryptographic device network 502 and trustedexternal server 504 can use the symmetric cryptographic key to encryptand decrypt any future communications between them.

At step 510 the cryptographic device network 502 may transmitinformation necessary to complete the secret share and verificationshare generation and distribution process. This could includeinformation such as the number of devices in the cryptographic devicenetwork, the threshold number of devices for the cryptographic devicenetwork, address information, the number of secret shares requested perdevice (e.g., two) and any requested sampling values (such as the serialnumbers or unique identifiers of the cryptographic devices in thecryptographic device network 502. Address information may comprisedigital addresses associated with each cryptographic device in thecryptographic device network 502, such as IP addresses or MAC addresses.Requested sample values may correspond to particular values of x used tosample polynomials P_(n)(x) in order to generate secret shares orverification values. For example, a sample value may be the number 5,and the secret shares corresponding to that sample value may comprise(5, P₁(5)) and (5, P₂(5)).

As an example, in step 510, the cryptographic device network 502 couldtransmit a series of packets, each containing the requested samplevalue, and the address for each cryptographic device corresponding tothe requested sample value, such as the IP address or MAC address.Additionally, the packets may include information such as a TCP or UDPport on which to communicate with the cryptographic devices in thecryptographic device network 502.

At step 512 the trusted external server 504 can generate the secretvalues (e.g., a first secret value and a second secret value),verification value, and verification key. Methods by which the trustedexternal server 504 generate the secret values depend on the secretsharing methodology used, as well as the distributed pseudorandomfunction used during distributed symmetric cryptography. Likewise, themethod by which verification values and verification keys are generateddepend on the particular methods used to verify verification signaturesusing verification keys. In some embodiments, the first and secondsecret values may comprise random numbers, and the trusted externalserver 504 may generate the secret values using a cryptographicallysecure random number generator. In some embodiments, the verificationvalue and verification key may comprise an asymmetric key pair, and theverification value and verification key may be generated using anyappropriate means for generating asymmetric key pairs according to anyappropriate cryptosystem (e.g., RSA).

At step 514, the trusted external server 504 can generate multiplepolynomials corresponding to the secret values (e.g., a first polynomialcorresponding to a first secret value and a second polynomialcorresponding to the second secret value) as well as a polynomialcorresponding to the verification value. The trusted external server canencode the secret values into one of the coefficients of the theirrespective polynomials and encode the verification value into one of thecoefficients of the verification value polynomial. In some embodiments,the secret values and verification value may be encoded into the zerothorder coefficient of their respective polynomials. The trusted externalserver 504 may generate other coefficients of the polynomials (e.g., thefirst to n^(th) order coefficients) using any appropriate techniques.For example, the other coefficients may comprise random or pseudorandomnumbers.

Characteristics of the polynomials (e.g., how may coefficients toinclude) may be based wholly or in part on information received by thetrusted external server 504 in step 510 (e.g., the number of secretshares and verification shares). As described above, k+1 unique pointsare needed to uniquely define a polynomial of degree k. Thus the numberof coefficients in the first polynomial and the second polynomial may beequal to a threshold number of secret shares requested at step 510.Likewise, the number of coefficients in the verification valuepolynomial may be equal to a threshold number of verification sharesrequested at step 510.

At step 516, the trusted external server 504 may generate secret sharesand verification shares based on the corresponding polynomials. Thetrusted external server 504 may sample the first and second secret valuepolynomial and the verification share polynomial at unique values of xin order to produce corresponding values of P(x). These paired (x, P(x))values may comprise the secret shares. The x values may comprisepreferred sampling values provided to the trusted external server 504 atstep 510 (e.g., serial numbers or device identifiers associated with thecryptographic devices in cryptographic device network 502).

At step 518, the trusted external server 504 may publish check valuescorresponding to the secret shares. These check values may be used by aclient computer to verify partial computations received fromcryptographic devices in the cryptographic device network 502. Theclient computer may use these check values to perform an honest verifierzero knowledge (HVZK) proof in order to verify the partial computationswithout learning anything about the secret shares. A check value maycomprise a modular exponentiation of a generator g using the secretshares corresponding to each cryptographic device u_(i), v_(i), where gis the generator of the elliptic curve group G used to implementdistributed pseudorandom functionality, u_(i) is the first secret sharecorresponding to the i^(th) cryptographic device, and v_(i) is thesecond secret share corresponding to the i^(th) cryptographic device.That is, the check values corresponding to the i^(th) cryptographicdevice may comprise the pair g^(ui), g^(vi). The trusted external servermay publish these check values for each cryptographic device in thecryptographic device network 502. Publishing these check values maycomprise making these check values readily available to clientcomputers, e.g., by transmitting the check values to the clientcomputers, or by making the check values available on a publicwebserver.

At step 520 the trusted external server 504 may transmit the secretshares, verification shares, and verification key to cryptographicdevices in the cryptographic device network 502 using routing or addressinformation provided in step 510. In this way each cryptographic devicein the cryptographic device network 502 may receive its respectivesecret share and verification share, as well as the verification keycommon to all cryptographic devices.

The exemplary method of FIG. 5 is one non-limiting example of a secretshare generation and distribution process. There are numerous variationsthat may become apparent to one skilled in the art. As another example,the cryptographic devices could receive their respective secret sharesvia a cryptographic method such as oblivious transfer. As anotherexample, the cryptographic device network 502 could generate the secretshares without the assistance of a trusted external server 504 at all,by using methods such as secure multi-party computation.

IV. Attack Resistant Distributed Symmetric Cryptography

Adaptive attack resistant distributed symmetric cryptographic methodsare described below with reference to FIGS. 6-7. FIGS. 6A-6B show asequence diagram of an exemplary method used to perform distributedsymmetric encryption, while FIGS. 7A-7B show a sequence diagram of anexemplary method used to perform distributed symmetric decryption.

As described above, embodiments achieve adaptive attack resistance bygenerating multiple partial computations corresponding to multiplesecret shares (generated from multiple respective secret values). Insome embodiments, two secret values and two secret shares are used byeach cryptographic device, however, embodiments can be practiced withany plurality of secret values and secret shares. Partial computationsgenerated by the cryptographic devices (e.g., a first partialcomputation and a second partial computation) can be combined by thosecryptographic devices (e.g., by calculating the product of the partialcomputations) before transmitting the resulting single partialcomputation to the client computer. Even if the client computer (or amalicious eavesdropper) knows the commitments used to generate therespective partial computations and the resulting combination, theclient computer or malicious eavesdropper cannot determine the secretshares from this known information, because there are an exponentiallylarge number of combinations of potential secret shares that couldproduce the resulting combination. In this way, the secret shares arekept safe from attackers, even attackers using sophisticated adaptiveattacks.

As indicated above, in distributed symmetric operations, it may not bepossible for the cryptographic devices to determine whether the clientcomputer is encrypting a message or decrypting ciphertext. This isbecause distributed encryption and decryption is substantially the samefrom the perspective of the cryptographic devices: The client computertransmits a commitment to the cryptographic devices, the cryptographicdevices generate a partial computation, and the cryptographic devicesreturn the partial computation to the client computer. The clientcomputer then generates a cryptographic key based on the partialcomputations and uses the cryptographic key to encrypt a message ordecrypt ciphertext. As such, in distributed symmetric operations, it maynot be possible for the cryptographic devices to determine whether theclient computer is encrypting data or decrypting data. This in turnmakes it difficult to log the behavior of client computers, or preventmisuse by malicious client computers.

A. Encryption

FIG. 6A shows a first part of an exemplary method of adaptive attackresistant distributed symmetric encryption according to someembodiments. FIG. 6A shows a client computer 602, along with threecryptographic devices 604-608, along with a number of steps 610-616associated with the exemplary method. Although a proxy device andcommunications network are not shown, in some embodiments,communications between the client computer 602 and cryptographic devices604-608 may be mediated or transmitted via a proxy device and/or acommunications network.

At step 610, the client computer 602 can select a first hash function H₁and a second hash function H₂. These hash functions may be later used bythe client computer 602 to generate a first commitment and secondcommitment. The client computer 602 may select these hash functions froma plurality of hash functions. The client computer 602 may store a list,database, or other repository of hash functions in memory (for example,in a commitment module). The client computer 602 may select these hashfunctions using any appropriate methodology (e.g., based on thepreference of a client associated with the client computer, trustscores, etc.). In some embodiments, these hash functions may be selectedrandomly. Random selection of hash functions may be advantageous becauseit makes it difficult or impossible for an attacker to determine hashfunctions from their resulting commitments.

At step 612, the client computer 602 can generate a first commitment h₁and a second commitment h₂ using the first hash function H₁ and thesecond hash function H₂. The first commitment and second commitment canbe generated by providing a message m as the input to the first hashfunction and the second hash function respectively. In some embodiments,the commitments may additionally be generated using one or more randomvalues r. Rather than hashing the message alone, the client computer 602can hash the message in addition to the random value (e.g., byconcatenating the message and the random value). The random value mayobscure or hide the message, protecting it against some forms ofcryptographic attack (e.g., a replay attack).

At step 614, the client computer 602 may select a plurality ofcryptographic devices (e.g., a predetermined threshold number ofparticipating cryptographic devices). This threshold number ofcryptographic devices may comprise the minimum number of participatingcryptographic devices needed to perform distributed symmetric encryptionor may be all of the cryptographic devices provisioned with secretshares. In FIG. 6A, the client computer 602 selects cryptographicdevices 604 and 606. The client computer 602 may select theparticipating cryptographic devices via any appropriate means orselection criteria. For example, the client computer 602 may select theparticipating cryptographic devices randomly, or according to a trust orsecurity score. For example, a trust or security score may relate to thelikelihood that a particular cryptographic device has been compromisedby a hacker, or by the relative security of the hardware of thatcryptographic device (e.g., the trust score may depend on whether thecryptographic device possesses secure memory or a trusted platformmodule). The client computer 602 may select the participatingcryptographic devices using a proxy device (not shown). The clientcomputer 602 may transmit a request to the proxy device requesting athreshold number of participating cryptographic devices. The proxydevice may then select the participating cryptographic devices on behalfof the client computer 602.

At step 616, the client computer 602 can transmit an encryption requestincluding the first commitment h₁ and the second commitment h₂ to theplurality of participating cryptographic devices (i.e., cryptographicdevice 604 and cryptographic device 606). The client computer 602 maytransmit the request via a proxy device, such that the client computertransmits the first commitment and the second commitment to the proxydevice and the proxy device transmits the first commitment and thesecond commitment to the plurality of participating cryptographicdevices.

FIG. 6B shows the second part of the exemplary method of distributedsymmetric encryption according to some embodiments. At step 618, theparticipating cryptographic devices (i.e., cryptographic device 604 and606) can each generate a first partial computation y_(n,1) and a secondpartial computation y_(n,2). The participating cryptographic devices canthen combine their respective first and second partial computations toproduce a partial computation y_(n).

Each participating cryptographic device can generate their first partialcomputation y_(n,1) using a respective first secret share u_(n) and thefirst commitment h₁. The participating cryptographic devices maygenerate these first partial computations using a DPRF.Eval function,which evaluates a distributed pseudorandom function using the firstcommitment and the first secret share as arguments. In some embodiments,the distributed pseudorandom function may comprise an elliptic curvecryptographic function implementing elliptic curve cryptography. Thatis, the cryptographic devices may use the DPRF.Eval function to encryptthe first commitment using their respective first secret shares ascryptographic keys. In doing so, each cryptographic device 604 and 606may produce a first partial computation.

The second partial computations y_(n,2) can be generated using therespective second secret shares v_(n) and the second commitment h₂ in asimilar manner. As an example, the cryptographic devices 604 and 606 canuse a DPRF.Eval function (such as an elliptic curve cryptographyfunction) to encrypt the second commitment using the second secret shareas a cryptographic key, thereby producing the second partialcomputations.

As stated above, in some embodiments, the first partial computationy_(n,1) and the second partial computation y_(n,2) can be generated byevaluating a distributed pseudorandom function, such as an ellipticcurve cryptography function. This may comprise the cryptographic devices604 and 606 encrypting the first commitment h₁ and the second commitmenth₂ using the first secret share s_(n,1) and the second secret shareS_(n,2) to produce the first partial computation and the second partialcomputation respectively. In an elliptic curve cryptosystem, this maycomprise converting the first commitment and the second commitment intopoints in an elliptic curve group, then exponentiating those pointsusing the first secret share and second secret share, i.e., y_(n,1)=h₁^(s) ^(n,1) and y_(n,2) ^(s) ^(n,2) .

The cryptographic devices 604 and 606 may each combine their respectivefirst partial computation y_(n,1) and second partial computation y_(n,2)to produce partial computations y_(n). These partial computations may beused by the client computer 602 to generate a cryptographic key at alater time. The cryptographic devices 604 and 606 may use aDPRF.Combine(y_(n,1), y_(n,2)) function with the respective firstpartial computation and second partial computation as inputs to producethe output partial computations. In some embodiments, the DPRF.Combinefunction may comprise a product function that calculates the product ofthe two partial computations. For example, the cryptographic devices 604and 606 may produce their respective partial computations y_(n) usingthe following formula: y_(n)=y_(n,1)*y_(n,2)=h₁ ^(s) ^(n,1) *h₂ ^(s)^(n,2) .

Optionally, at step 620, the cryptographic device 604 and 606 may eachgenerate a respective partial signature z_(n) using the first commitmenth₁ and/or the second commitment h₂ and a verification share sk′_(n). Thecryptographic devices may generate each partial signatures using athreshold authentication partial signature function (TA.PartSign). theTA.PartSign function may take in the first commitment and/or the secondcommitment and the verification share as inputs and produce the partialsignature as an output. In some embodiments, the TA.PartSign functionmay comprise a distributed pseudorandom function. As an example, theTA.PartSign function may comprise an elliptic curve cryptographyfunction. This function may encrypt the first commitment and/or secondcommitment using the verification share to produce the partialsignature.

At step 622, the cryptographic devices 604 and 606 can transmit theirrespective partial computations y_(n) and optionally their respectivepartial signatures z_(n) to the client computer 602. In someembodiments, the client computer 602 may receive this plurality ofpartial computations and plurality of partial signatures from a proxydevice, wherein the proxy device receives the plurality of partialcomputations and the plurality of partial signatures from participatingcryptographic devices 604 and 606.

At step 624, the client computer 602 can retrieve a plurality of checkvalues g^(un), and g^(vn) and verify the partial computations y_(n)using the plurality of check values. As described above with referenceto FIG. 5, a trusted external server that produced the secret values andsecret shares may publish the check values. The client computer mayretrieve these published check values from the trusted external server,for example, via a web request. The client computer 602 may perform anhonest verifier zero knowledge (HVZK) proof in order to verify thesepartial computations. The client computer 602 may use a Check functionin order to execute the HVZK proof. The Check function may execute theHVZK proof according to any appropriate protocol (e.g., Schnorr'sprotocol, Fiat-Shamir, etc.). The client computer 602 can invoke HVZKproving procedures in parallel for each check value (e.g., invoking anHVZK proving procedure for g^(un) and another HVZK proving procedure forg^(vn)). Further details on HVZK proofs and techniques to perform HVZKproofs can be found in [4] Faust et al “On the Non-malleability of theFiat-Shamir Transform” in Cryptology ePrint Archive, Report 2012/704,2012, and [5] Agrawal, Mohassel, Mukherjee, and Rindal “DiSE:Distributed Symmetric-key Encryption” in Cryptology ePrint Archive,Report 2018/727, 2018. Based on the description in the presentdisclosure and these references, the skilled person will understand howto implement HVZK proofs in the present content.

At step 626, the client computer 602 may combine the plurality ofpartial computations to produce a cryptographic key y. Thiscryptographic key may be used by the client computer 602 to encrypt amessage m. The client computer 602 may combine the partial computationsusing a DPRF.Combine(y₁, y₂) function, which may take the plurality ofpartial computations as an input and produce a symmetric cryptographickey or a key generation seed that can be used to generate a symmetriccryptographic key. The DPRF.Combine function executed by the clientcomputer 602 may be similar to the DPRF.Combine function executed bycryptographic devices 604 and 606, in that it is used to combinemultiple partial computations into a single output. In some embodiments,both functions combine the partial computations by calculating a productof the partial computations. However, the DPRF.Combine function executedby the client computer 602 may first generate intermediate calculationsby exponentiating each partial computation y_(n) with its correspondingLagrange coefficient in λ_(n) (i.e., y_(n) ^(λ) ^(n) n) beforecalculating the product of those intermediate calculations. In someembodiments, the output of the DPRF.Combine function y may be calculatedusing the formula y=Π_(i)y_(i) ^(λ) ^(i) =Π_(i)(h_(i,1) ^(s) ^(i,1)+h_(i,2) ^(s) ^(i,2) )^(λ) ^(n) .

In some embodiments, the client computer 602 may use Lagrangeinterpolation in order to generate intermediate calculations. Theseintermediate calculations may then be combined to produce thecryptographic key or key generation seed. The client computer 602 mayexponentiate each partial computation y_(n) of the plurality of partialcomputations using a respective Lagrange coefficient λ_(n) (i.e., y_(n)^(λn)) as described above in Section I, in order to produce a pluralityof intermediate computations. These Lagrange coefficients λ_(n) maycorrespond to the cryptographic devices 604 and 606 that produced theplurality of partial computations. The Lagrange coefficients may havebeen generated by the trusted external server during the secret shareprovisioning process (described above with reference to FIG. 5). Theclient computer 602 may have received these Lagrange coefficients fromthe trusted external server prior to the distributed symmetricencryption process.

As stated above, the plurality of intermediate computations may becombined by calculating a product of the plurality of intermediatecomputations. This plurality of intermediate computations may beequivalent to the product of the first commitment h₁ and the secondcommitment h₂ encrypted using the first secret value S₁ and the secondsecret value S₂ respectively. In some embodiments, the combination ofintermediate computations may be used as a symmetric cryptographic key.In others, the combination of intermediate computations may be used as akey generation seed. The key generation seed may be input to a keygeneration function to produce the cryptographic key y.

At step 628, the client computer 602 may generate a verificationsignature z based on the plurality of partial signatures z_(n). Theclient computer may use a TA.CombineSig function using the partialsignatures as inputs. In some embodiments, combining partial signaturesto generate a verification signature may be similar to combining partialcomputations to generate the cryptographic key. In some embodiments,generating the verification signature may involve calculating a productof the partial signatures.

At step 630, the client computer 602 can generate a ciphertext e byencrypting the message m using the cryptographic key y. The clientcomputer can use any appropriate symmetric cryptosystem (such as AES) toperform this encryption. Optionally, the client computer may generatethe ciphertext by encrypting the message m and a random value r usingthe cryptographic key. This may be useful in cases where one or both ofthe first and second commitments h₁ and h₂ where generated using therandom value.

At step 632, the client computer 622 can generate a payload comprisingthe ciphertext e, the first commitment h₁, and the second commitment h₂.Optionally, the payload may additionally comprise the verificationsignature z, the random value r, and a hash indicator. The payload maycomprise the ciphertext and all data needed to decrypt the ciphertext(e.g., the first commitment and the second commitment). It may alsocomprise data needed to verify legitimate use of the distributedcryptographic system (the verification signature) and data needed tovalidate or otherwise verify the commitments (the random value and thehash indicator). The hash indicator may comprise an identifierindicating which hash functions were used to generate the firstcommitment and the second commitment. For example, the hash indicatormay comprise the string “SHA-256, BLAKE2”, indicating that the firstcommitment was generated using the SHA-256 hashing algorithm and thesecond commitment was generated using the BLAKE2 hashing algorithm.

The client computer 602 may store the payload and decrypt it at a latertime. For example, the client computer 602 may comprise a hospitalcomputer system, and the message may comprise a sensitive medicalrecord. The client computer 602 may encrypt the medical record andgenerate the payload in order to securely store the sensitive medicalrecord in a medical database. At a later time (e.g., during a patientvisit), the client computer 602 may retrieve the payload in order todecrypt the ciphertext and retrieve the medical record.

Alternatively, the client computer 602 may transmit the payload toanother client computer, which may use the information in the payload todecrypt the ciphertext and retrieve the message. For example, this maybe useful when the message comprises sensitive payment information. Theclient computer 602 could comprise a payment terminal associated with amerchant. When a customer makes a payment using the client computer 602,the client computer could encrypt the customer's payment information andgenerate a payload, then send the payload to a bank computercorresponding to that customer (e.g., a bank that maintains an accounton behalf of that customer). The bank computer could use the informationin the payload to decrypt the customer's payment information and enact apayment between the merchant and the customer.

B. Decryption

FIG. 7A shows a first part of an exemplary method of adaptive attackresistant distributed symmetric decryption according to someembodiments. FIG. 7A shows a client computer 702 along with threecryptographic devices 704, 706, and 708. The client computer 702 may bethe same client computer 602 from FIGS. 6A and 6B or a different clientcomputer. Likewise, cryptographic devices 704-708 may be the same ascryptographic devices 604-608 from FIGS. 6A and 6B or differentcryptographic devices. Although a proxy device and communicationsnetwork are not shown, in some embodiments, communications between theclient computer 702 and cryptographic devices 704-708 may be mediated ortransmitted via a proxy device and/or a communications network.

At step 710, the client computer 702 can receive a payload comprising aciphertext e, a first commitment h₁ and a second commitment h₂. Thefirst commitment h₁ may have been generated using a message m and afirst hash function H₁ (as described with reference to FIG. 6A).Likewise, the second commitment h₂ may have been generated using themessage and a second hash function H₂. The payload may additionallycomprise a verification signature z, a random value r, and a hashindicator. The client computer 702 may receive this payload from anotherclient computer (e.g., client computer 602 from FIGS. 6A and 6B).Alternatively, client computer 702 may have originally generated thepayload and may receive the payload by retrieving it from memory.

At step 712, the client computer 702 can select a predeterminedthreshold number of participating cryptographic devices. The thresholdnumber of cryptographic devices may comprise the minimum number ofparticipating cryptographic devices needed to perform distributedsymmetric decryption. In FIG. 7A, the client computer 702 selectscryptographic devices 704 and 708. Notably, the same cryptographicdevices used to produce the ciphertext (e.g., cryptographic devices 604and 606) do not need to participate in decrypting the ciphertext.

The client computer 702 may select the participating cryptographicdevices via any appropriate means or selection criteria. For example,the client computer 702 may select the participating cryptographicdevices randomly, or according to a trust score or security score. Forexample, a trust or security score may relate to the likelihood that aparticular cryptographic device has been compromised by a hacker, or bythe relative security of the hardware of that cryptographic device(e.g., the trust score may depend on whether the cryptographic devicepossesses secure memory or a trusted platform module). The clientcomputer 702 may select the participating cryptographic devices using aproxy device (not shown). The client computer 702 may transmit a requestto the proxy device requesting a threshold number of participatingcryptographic devices. The proxy device may then select theparticipating cryptographic devices on behalf of the client computer702.

At step 714, the client computer can transmit a decryption requestincluding the first commitment h₁ and the second commitment h₂ to eachof a plurality of cryptographic devices (i.e., participatingcryptographic devices 704 and 708). The decryption request mayadditionally comprise the verification signature z. The client computer702 may transmit the request via a proxy device, such that the clientcomputer transmits the first commitment and the second commitment to theproxy device and the proxy device transmits the first commitment and thesecond commitment to the plurality of participating cryptographicdevices.

FIG. 7B shows the second part of the exemplary method of distributedsymmetric decryption according to some embodiments. At step 716,optionally, the participating cryptographic devices (i.e., cryptographicdevice 704 and cryptographic device 708) can verify the verificationsignature z using a verification key vk and the first commitment h₁and/or the second commitment h₂. The participating cryptographic devicesmay verify the verification signature using a VerSig function, whichtakes the verification signature, the verification key, and the firstcommitment and/or the second commitment as inputs. The VerSig functionmay produce an output of 1 or “TRUE” if the verification signature islegitimate and may produce an output of 0 or “FALSE” if the verificationsignature is illegitimate.

In some embodiments, the signature verification process may comprisedecrypting the verification signature using the verification key toproduce an additional commitment h_(a). The participating cryptographicdevices can then compare the additional commitment h_(a) to the firstcommitment h₁, the second commitment h₂, and/or a combination thereof(e.g., the product of the first commitment h₁ and the second commitmenth₂). The signature verification process may be dependent on the processused to generate the verification signature. For example, if theverification signature is generated solely based on the first commitmenth₁, the signature verification process may comprise comparing the firstcommitment h₁ against the additional commitment h_(a).

In some embodiments, the verification signature may comprise acommitment (e.g., the first commitment or the second commitment)encrypted using a verification value. The verification key maycorrespond to the verification value. For example, the verification keymay comprise a public key corresponding to a private key verificationvalue. The participating cryptographic devices may verify theverification signature by decrypting the verification signature usingthe verification key, then comparing the output to the first commitmentor the second commitment. If the output matches the first commitment orthe second commitment, the verification signature is legitimate.

At step 718, the participating cryptographic devices can each generate afirst partial computation y_(n,1) and a second partial computationy_(n,2). The participating cryptographic devices can then combine theirrespective first and second partial computations to produce a partialcomputation y_(n).

As described with reference to FIG. 6B, each participating cryptographicdevice can generate their first partial computation y_(n,1) using arespective first secret share u_(n) and the first commitment h₁. Theparticipating cryptographic devices may generate these first partialcomputations using a DPRF.Eval function, which evaluates a distributedpseudorandom function using the first commitment and the first secretshare as arguments. In some embodiments, the distributed pseudorandomfunction may comprise an elliptic curve cryptographic functionimplementing elliptic curve cryptography. That is, the cryptographicdevices may use the DPRF.Eval function to encrypt the first commitmentusing their respective first secret shares as cryptographic keys. Indoing so, each cryptographic device 604 and 606 may produce a firstpartial computation.

The second partial computations y_(n,2) can be generated using therespective second secret shares v_(n) and the second commitment h₂ in asimilar manner. As an example, the cryptographic devices 704 and 708 canuse a DPRF.Eval function (such as an elliptic curve cryptographyfunction) to encrypt the second commitment using the second secret shareas a cryptographic key, thereby producing the second partialcomputations.

As stated above, in some embodiments, the first partial computationy_(n,1) and the second partial computation y_(n,2) can be generated byevaluating a distributed pseudorandom function, such as an ellipticcurve cryptography function. This may comprise the cryptographic devices704 and 708 encrypting the first commitment h₁ and the second commitmenth₂ using the first secret share s_(n,1) and the second secret shareS_(n,2) to produce the first partial computation and the second partialcomputation respectively. In an elliptic curve cryptosystem, this maycomprise converting the first commitment and the second commitment intopoints in an elliptic curve group, then exponentiating those pointsusing the first secret share and second secret share, i.e., y_(n,1)=h₁^(s) ^(n,1) and y_(n,2)=h₂ ^(s) ^(n,2) .

The cryptographic devices 704 and 708 may each combine their respectivefirst partial computation y_(n,1) and second partial computation y_(n,2)to produce partial computations y_(n). These partial computations may beused by the client computer 702 to generate a cryptographic key at alater time. The cryptographic devices 704 and 708 may use aDPRF.Combine(y_(n,1), y_(n,2)) function with the respective firstpartial computation and second partial computation as inputs to producethe output partial computations. In some embodiments, the DPRF.Combinefunction may comprise a product function that calculates the product ofthe two partial computations. For example, the cryptographic devices 704and 708 may produce their respective partial computations y_(n) usingthe following formula: y_(n)=y_(n,1)*y_(n,2)=h₁ ^(s) ^(n,1) *h₂ ^(s)^(n,2) .

At step 720, the cryptographic devices 704 and 708 may optionally recordthat the client computer 702 intends to decrypt the message m in a logfile. The cryptographic devices 704 and 708 may determine that theclient computer 702 intends to decrypt the message based on the presenceof the verification signature z, as a verification signature may not beneeded to perform encryption. Recording the behavior of client computersin log files can help prevent misuse of the distributed cryptographicsystem, and may be useful for security audits.

At step 722, the cryptographic devices 704 and 708 can transmit theirrespective partial computations y_(n) to the client computer 702. Insome embodiments, the client computer 702 may receive this plurality ofpartial computations from a proxy device, wherein the proxy devicereceives the plurality of partial computations from the participatingcryptographic devices 704 and 708.

In some embodiments, the partial computations received by the clientcomputer 702 at step 722 may be referred to as “additional partialcomputations,” for example, because they are received in addition topartial computations used in a distributed encryption process (e.g., thepartial computations received by client computer 602 at step 622 in FIG.6B). This may be the case when client computer 702 is using thecryptographic device network to decrypt data it had previously encrypted(e.g., sensitive files stored on a hard drive). In this case, the termadditional partial computation distinguishes the partial computationsused in encryption and decryption, however, it should be understood thatone or more additional partial computations may be the same as one ormore partial computations used in encryption (if for example, the samecryptographic devices participate in the encryption and decryptionoperations).

At step 724, the client computer 702 can retrieve a plurality of checkvalues g^(un), and r and verify the partial computations y_(n) using theplurality of check values. As described above with reference to FIG. 5,a trusted external server that produced the secret values and secretshares may publish the check values. The client computer may retrievethese published check values from the trusted external server, forexample, via a web request. The client computer 702 may perform anhonest verifier zero knowledge (HVZK) proof in order to verify thesepartial computations. The client computer 702 may use a Check functionin order to execute the HVZK proof. The client computer 702 can invokeHVZK proving procedures in parallel for each check value (e.g., invokingan HVZK proving procedure for g^(un) and another HVZK proving procedurefor g^(vn)). The Check function may execute the HVZK proof according toany appropriate protocol as described above with reference to FIG. 6(e.g., Schnorr's protocol, Fiat-Shamir, etc.).

At step 726, the client computer 702 may combine the plurality ofpartial computations to produce a cryptographic key y. Thiscryptographic key may be used by the client computer 702 to decrypt theciphertext e in order to produce the message m. The client computer 702may combine the partial computations using a DPRF.Combine(y₁, y₃)function, which may take the plurality of partial computations as aninput and produce a symmetric cryptographic key or a key generation seedthat can be used to generate a symmetric cryptographic key. TheDPRF.Combine function executed by the client computer 702 may be similarto the DPRF.Combine function executed by cryptographic devices 704 and708, in that it is used to combine multiple partial computations into asingle output. In some embodiments, both functions combine the partialcomputations by calculating a product of the partial computations.However, the DPRF.Combine function executed by the client computer 702may first generate intermediate calculations by exponentiating eachpartial computation y_(n) with its corresponding Lagrange coefficientλ_(n) (i.e., y_(n) ^(λ) ^(n) ) before calculating the product of thoseintermediate calculations. In some embodiments, the output of theDPRF.Combine function y may be calculated using the formula y=Π_(i)y_(i)^(λ) ^(i) =Π_(i)(h_(i,1) ^(s) ^(i,1) +h_(i,2) ^(s) ^(i,2) )^(λ) ^(n) .

These intermediate calculations may then be combined to produce thecryptographic key or key generation seed. The client computer 702 mayexponentiate each partial computation y_(n) of the plurality of partialcomputations using a respective Lagrange coefficient λ_(n) (i.e., y_(n)^(λ) ^(n) ) as described above in Section I, in order to produce aplurality of intermediate computations. These Lagrange coefficientsλ_(n) may correspond to the cryptographic devices 704 and 708 thatproduced the plurality of partial computations. The Lagrangecoefficients may have been generated by the trusted external serverduring the secret share provisioning process (described above withreference to FIG. 5). The client computer 702 may have received theseLagrange coefficients from the trusted external server prior to thedistributed symmetric encryption process.

As stated above, the plurality of intermediate computations may becombined by calculating a product of the plurality of intermediatecomputations. This plurality of intermediate computations may beequivalent to the product of the first commitment h₁ and the secondcommitment h₂ encrypted using the first secret value S₁ and the secondsecret value S₂ respectively. In some embodiments, the combination ofintermediate computations may be used as a symmetric cryptographic key.In others, the combination of intermediate computations may be used as akey generation seed. The key generation seed may be input to a keygeneration function to produce the cryptographic key y.

At step 728, the client computer 702 can decrypt the ciphertext e usingthe cryptographic key y to produce the message m. The client computercan use any appropriate symmetric cryptosystem (such as AES) to performthis encryption. Optionally, the client computer may produce the messageand a random value r by decrypting the ciphertext. The random value maybe useful in verifying the first commitment h₁ and the second commitmenth₂ at a later step.

At optional step 730, the client computer 702 can determine the firsthash function H₁ used to generate the first commitment h₁ and the secondhash function H₂ used to generate the second commitment h₂ using a hashindicator. The hash indicator may uniquely identify the first hashfunction and the second hash function. For example the hash indicatormay comprise a string such as “BLAKE2, SHA-256”, indicating that thefirst hash function is the BLAKE2 hash function, and the second hashfunction is the SHA-256 hash function.

At optional step 732, the client computer 702 may verify that the firstcommitment h₁ and second commitment h₂ are consistent with the messagem. The client computer 702 may perform this verification by generating athird commitment h₃ and a fourth commitment h₄. The third commitment maybe generated using the message and the first hash function (identifiedin optional step 730) and optionally a random value r. The fourthcommitment may be generated using the message and the second hashfunction (identified in optional step 730) and optionally the randomvalue. Because the first commitment and third commitment are generatedusing the same hash function, the same message and optionally the samerandom value, they should be equal. Likewise, because the secondcommitment and the fourth commitment are generated using the same hashfunction, the same message, and optionally the same random value, theyshould be equal. Thus the client computer 702 can verify the message bycomparing the first commitment to the third commitment and by comparingthe second commitment to the fourth commitment. If the commitments donot match, it may indicate that the message has been tampered with.

V. Computer System

Any of the computer systems mentioned herein may utilize any suitablenumber of subsystems. Examples of such subsystems are shown in FIG. 8 incomputer system 800. In some embodiments, a computer system includes asingle computer apparatus and the subsystems may comprise components ofthe computer apparatus. In other embodiments, a computer system caninclude multiple computer apparatuses, each being a subsystem withinternal components.

The subsystems shown in FIG. 8 are interconnected via a system bus 1005.Additional subsystems such as a printer 804, keyboard 808, storagedevice(s) 809, monitor 806 (coupled to display adapter 811), and othersare shown. Peripherals and input/output (I/O) devices which couple toI/O controller 801, can be connected to the computer system by anynumber of means known in the art such as input/output (I/O) port 807(e.g., USB, FireWire®). For example, I/O port 807 or external interface810 (e.g. Ethernet, Wi-Fi, etc.) can be used to connect computer system800 to a wide area network such as the Internet, a mouse input device,or a scanner. The interconnection via system bus 805 allows the centralprocessor 803 to communicate with each subsystem and to control theexecution of instructions from system memory 802 or the storagedevice(s) 809 (e.g., a fixed disk, such as a hard drive or opticaldisk), as well as the exchange of information between subsystems. Thesystem memory 802 and/or the storage device(s) 809 may embody a computerreadable medium. Any of the data mentioned herein can be output from onecomponent to another component and can be output to the user.

A computer system can include a plurality of the same components orsubsystems, e.g., connected together by external interface 810 or by aninternal interface. In some embodiments, computer systems, subsystems,or apparatuses can communicate over a network. In such instances, onecomputer can be considered a client and another computer a server, whereeach can be part of a same computer system. A client and a server caneach include multiple systems, subsystems, or components.

It should be understood that any of the embodiments of the presentinvention can be implemented in the form of control logic using hardware(e.g., an application specific integrated circuit or field programmablegate array) and/or using computer software with a generally programmableprocessor in a modular or integrated manner. As used herein a processorincludes a single-core processor, multi-core processor on a sameintegrated chip, or multiple processing units on a single circuit boardor networked. Based on the disclosure and teachings provided herein, aperson of ordinary skill in the art will know and appreciate other waysand/or methods to implement embodiments of the present invention usinghardware and a combination of hardware and software.

Any of the software components or functions described in thisapplication may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C, C++, C#, Objective-C, Swift, or scripting language such as Perlor Python using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructionsor commands on a computer readable medium for storage and/ortransmission, suitable media include random access memory (RAM), a readonly memory (ROM), a magnetic medium such as a hard-drive or a floppydisk, or an optical medium such as a compact disk (CD) or DVD (digitalversatile disk), flash memory, and the like. The computer readablemedium may be any combination of such storage or transmission devices.

Such programs may also be encoded and transmitted using carrier signalsadapted for transmission via wired, optical, and/or wireless networksconforming to a variety of protocols, including the Internet. As such, acomputer readable medium according to an embodiment of the presentinvention may be created using a data signal encoded with such programs.Computer readable media encoded with the program code may be packagedwith a compatible device or provided separately from other devices(e.g., via Internet download). Any such computer readable medium mayreside on or within a single computer product (e.g. a hard drive, a CD,or an entire computer system), and may be present on or within differentcomputer products within a system or network. A computer system mayinclude a monitor, printer or other suitable display for providing anyof the results mentioned herein to a user.

Any of the methods described herein may be totally or partiallyperformed with a computer system including one or more processors, whichcan be configured to perform the steps. Thus, embodiments can bedirected to computer systems configured to perform the steps of any ofthe methods described herein, potentially with different componentsperforming a respective steps or a respective group of steps. Althoughpresented as numbered steps, steps of methods herein can be performed ata same time or in a different order. Additionally, portions of thesesteps may be used with portions of other steps from other methods. Also,all or portions of a step may be optional. Additionally, and of thesteps of any of the methods can be performed with modules, circuits, orother means for performing these steps.

The specific details of particular embodiments may be combined in anysuitable manner without departing from the spirit and scope ofembodiments of the invention. However, other embodiments of theinvention may be directed to specific embodiments relating to eachindividual aspect, or specific combinations of these individual aspects.The above description of exemplary embodiments of the invention has beenpresented for the purpose of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formdescribed, and many modifications and variations are possible in lightof the teaching above. The embodiments were chosen and described inorder to best explain the principles of the invention and its practicalapplications to thereby enable others skilled in the art to best utilizethe invention in various embodiments and with various modifications asare suited to the particular use contemplated.

A recitation of “a”, “an” or “the” is intended to mean “one or more”unless specifically indicated to the contrary. The use of “or” isintended to mean an “inclusive or,” and not an “exclusive or” unlessspecifically indicated to the contrary.

All patents, patent applications, publications and description mentionedherein are incorporated by reference in their entirety for all purposes.None is admitted to be prior art.

What is claimed is:
 1. A method comprising performing, by a computersystem: generating a first commitment using a message and a first hashfunction; generating a second commitment using the message and a secondhash function; transmitting a request including the first commitment andthe second commitment to each of a plurality of cryptographic devices,the plurality of cryptographic devices storing a first plurality ofsecret shares that are generated from a first secret value and a secondplurality of secret shares that are generated from a second secretvalue; receiving, from the plurality of cryptographic devices, aplurality of partial computations, wherein each partial computation ofthe plurality of partial computations was generated by a respective oneof the plurality of cryptographic devices using a respective firstpartial computation and a respective second partial computation, whereinthe respective first partial computation is generated using a respectivefirst secret share and the first commitment, and wherein the respectivesecond partial computation is generated using a respective second secretshare and the second commitment; generating a cryptographic key based onthe plurality of partial computations; generating a ciphertext byencrypting the message using the cryptographic key; generating a payloadcomprising the ciphertext, the first commitment, and the secondcommitment, wherein the payload additionally comprises a verificationsignature that is generated by: receiving, from the plurality ofcryptographic devices, a plurality of partial signatures, wherein eachpartial signature of the plurality of partial signatures was generatedby a respective one of the plurality of cryptographic devices using arespective verification share of a plurality of verification shares andthe first commitment and/or the second commitment; and generating theverification signature based on the plurality of partial signatures. 2.The method of claim 1, further comprising, after receiving the pluralityof partial computations from the plurality of cryptographic devices:retrieving a plurality of check values, the plurality of check valuescorresponding to the plurality of partial computations; and verifyingthe plurality of partial computations using the plurality of checkvalues.
 3. The method of claim 1, wherein: generating the firstcommitment using the message and the first hash function additionallycomprises using a random value; generating the second commitment usingthe message and the second hash function additionally comprises usingthe random value; and generating a ciphertext by encrypting the messageusing the cryptographic key comprises generating a ciphertext byencrypting the message and the random value using the cryptographic key.4. The method of claim 1, further comprising, prior to generating thefirst commitment and the second commitment: randomly selecting the firsthash function and the second hash function from a plurality of hashfunctions.
 5. The method of claim 1, wherein: transmitting the firstcommitment and the second commitment to the plurality of cryptographicdevices comprises transmitting the first commitment and the secondcommitment to a proxy device, wherein the proxy device transmits thefirst commitment and the second commitment to the plurality ofcryptographic devices; and receiving the plurality of partialcomputations from the plurality of cryptographic devices comprisesreceiving, from the proxy device, the plurality of partial computations,wherein the proxy device receives the plurality of partial computationsfrom the plurality of cryptographic devices.
 6. The method of claim 1,wherein the plurality of cryptographic devices comprises at least apredetermined threshold number of cryptographic devices, and wherein thepredetermined threshold number of cryptographic devices is less than atotal number of cryptographic devices.
 7. The method of claim 1, whereingenerating the cryptographic key based on the plurality of partialcomputations comprises: exponentiating each partial computation of theplurality of partial computations using a respective Lagrangecoefficient, thereby generating a plurality of intermediatecomputations; calculating a product of the plurality of intermediatecomputations; and generating the cryptographic key based on the productof the plurality of intermediate computations.
 8. The method of claim 1,further comprising: transmitting the first commitment and the secondcommitment to each of a plurality of additional cryptographic devices,the plurality of additional cryptographic devices storing a thirdplurality of secret shares that are generated from the first secretvalue and a fourth plurality of secret shares that are generated fromthe second secret value; receiving, from the plurality of additionalcryptographic devices, a plurality of additional partial computations,wherein each of the plurality of additional partial computations wasgenerated by a respective one of the plurality of additionalcryptographic devices using a respective third partial computation and arespective fourth partial computation, wherein the respective thirdpartial computation is generated using a respective third secret shareand the first commitment, and wherein the respective fourth partialcomputation is generated using a respective fourth secret share and thesecond commitment; generating the cryptographic key based on theadditional plurality of partial computations; and decrypting theciphertext using the cryptographic key to produce the message.
 9. Themethod of claim 8, wherein: one or more cryptographic devices of theplurality of cryptographic devices are the same as one or moreadditional cryptographic devices of the plurality of additionalcryptographic devices; one or more first secret shares of the firstplurality of secret shares are the same as one or more fourth secretshares of the fourth plurality of secret shares; and one or more secondsecret shares of the second plurality of secret shares are the same asone or more fourth secret shares of the fourth plurality of secretshares.
 10. A method comprising performing, by a computer system:receiving a payload comprising a ciphertext, a first commitment, and asecond commitment; transmitting a request including the first commitmentand the second commitment to each of a plurality of cryptographicdevices, the plurality of cryptographic devices storing a firstplurality of secret shares that are generated from a first secret valueand a second plurality of secret shares that are generated from a secondsecret value; receiving, from the plurality of cryptographic devices, aplurality of partial computations, wherein each partial computation ofthe plurality of partial computations was generated by a respective oneof the plurality of cryptographic devices using a respective firstpartial computation and a respective second partial computation, whereinthe respective first partial computation is generated using a respectivefirst secret share and the first commitment, and wherein the respectivesecond partial computation is generated using a respective second secretshare and the second commitment; generating a cryptographic key based onthe plurality of partial computations; and decrypting the ciphertextusing the cryptographic key to produce a message, wherein: the payloadadditionally comprises a verification signature; the requestadditionally comprises the verification signature; and the plurality ofcryptographic devices verify the verification signature using averification key, the first commitment and/or the second commitment. 11.The method of claim 10, wherein the first commitment was generated usingthe message and a first hash function, wherein the second commitment wasgenerated using the message and a second hash function, wherein thepayload additionally comprises a hash indicator and wherein the methodfurther comprises: determining the first hash function and the secondhash function using the hash indicator; generating a third commitmentusing the message and the first hash function; generating a fourthcommitment using the message and the second hash function; and verifyingthe message by comparing the first commitment to the third commitmentand comparing the second commitment to the fourth commitment.
 12. Themethod of claim 11, wherein: the first commitment was generated using arandom value in addition to the message and the first hash function; thesecond commitment was generated using the random value in addition tothe message and the second hash function; the third commitment isgenerated using the random value in addition to the message and thefirst hash function; and the fourth commitment is generated using therandom value in addition to the message and the second hash function.13. A method comprising performing, by a cryptographic device:receiving, from a client computer, a request including a firstcommitment generating using a message and a first hash function, and asecond commitment generated using the message and a second hashfunction; generating a first partial computation based on a first secretshare and the first commitment; generating a second partial computationbased on a second secret share and the second commitment; generating apartial computation by combining the first partial computation and thesecond partial computation; transmitting the partial computation to theclient computer, thereby enabling the client computer to: (1) generate acryptographic key using the partial computation, (2) encrypt the messageusing the cryptographic key, thereby generating a ciphertext, and (3)generate a payload comprising the ciphertext, the first commitment, andthe second commitment; generating a partial signature based on the firstcommitment and/or the second commitment, and a verification share; andtransmitting the partial signature to the client computer, therebyenabling the client computer to generate a verification signature usingthe partial signature.
 14. The method of claim 13, further comprising,prior to receiving the request from the client computer, receiving thefirst secret share and the second secret share from a trusted externalserver, wherein the trusted external server also transmits one or moreother secret shares to one or more other cryptographic devices.
 15. Themethod of claim 13, further comprising: receiving, from the clientcomputer, the verification signature, the first commitment, and thesecond commitment; verifying the verification signature using averification key and the first commitment and/or the second commitment;generating the first partial computation based on the first commitmentand the first secret share; generating the second partial computationbased on the second commitment and the second secret share; generatingthe partial computation by combining the first commitment and the secondcommitment; and transmitting the partial computation to the clientcomputer, wherein the client computer uses the partial computation togenerate the cryptographic key and uses the cryptographic key to decryptthe ciphertext to produce the message.
 16. The method of claim 15,wherein verifying the verification signature using the verification keyand the first commitment and/or second commitment comprises: decryptingthe verification signature using the verification key to produce anadditional commitment; and comparing the additional commitment to thefirst commitment, the second commitment, and/or a combination thereof.17. The method of claim 15, further comprising: receiving, from theclient computer, an indicator indicating that the client computerintends to decrypt the message; and recording that the client computerintends to decrypt the message in a log file.